last executing test programs:

12.777701534s ago: executing program 0 (id=829):
r0 = socket(0x10, 0x3, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000063c0)={0x2020}, 0x2020)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f00000000c0), 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0xc, &(0x7f0000000fc0)=ANY=[@ANYBLOB="1800000000000000000000000000100085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa2af}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
getpgrp(r2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r5, &(0x7f0000002f40)={0xa, 0x4e24, 0xb, @dev={0xfe, 0x80, '\x00', 0xf}, 0x3}, 0x1c)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=@bridge_getlink={0x34, 0x12, 0x1, 0x0, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg0\x00'}]}, 0x34}}, 0x0)

11.825719726s ago: executing program 0 (id=834):
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1a01000000000040c410cf8a000000000001090224000100000000090400000103000000092100000501220500090581030000000000"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4404}, 0x804)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = syz_open_dev$vbi(&(0x7f00000000c0), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f00000002c0)={0x4, @sdr={0x30314247, 0x6}})
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000007000000000001"], 0x50)
r3 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01)
r4 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
read$hiddev(r4, &(0x7f0000002300)=""/102, 0x66)
write$char_usb(r3, &(0x7f0000000040)="e2", 0x2250)

10.676959512s ago: executing program 3 (id=836):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, 0x3e, 0x301, 0x270bd26, 0x25dfdc00, {0x3}, [@typed={0x8, 0xfa, 0x0, 0x0, @pid}]}, 0x1c}}, 0x8004)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000180)={"31bd7cd6da5cf8da379908250f4299c093d1ddbd65ef6f54ca5b9187bf97c789", 0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = fcntl$dupfd(0xffffffffffffffff, 0x406, r0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f00000001c0)={0x48, 0x7, r5, 0x0, 0x2, 0x0, 0x1, 0x33724b, 0x33e4eb})
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000)=@reiserfs_2={0x8, 0x2, {0x2, 0x5}}, 0xc02)
r6 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x1e28, 0x0, 0x0, 0x28b})
io_uring_register$IORING_REGISTER_FILES(r6, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r7, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_GROUP={0x8, 0x1b, 0x1000}]}, 0x28}}, 0x0)

9.398708611s ago: executing program 4 (id=840):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000000, &(0x7f0000000180)=0x1, 0x4)
fcntl$setpipe(r3, 0x407, 0x0)
connect$inet(r4, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
ioctl$int_in(r4, 0x5421, &(0x7f0000000240)=0x1)
sendto$inet(r4, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r4, 0x0, r3, 0x0, 0xfea8, 0xa)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x7bd}}, './file0\x00'})
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$getregs(0xc, r5, 0xffffffffffffdcaf, &(0x7f0000000040)=""/45)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, 0x0, 0x24040808)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r0, r6, 0x0, 0x201f00)

8.466013747s ago: executing program 4 (id=842):
syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/slabinfo\x00', 0x0, 0x0)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x18, &(0x7f0000000080)=0x200, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x3, @mcast1, 0x4}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
prlimit64(0x0, 0xe, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000380)=0xd)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket(0x40000000015, 0x5, 0x0)
mount$nfs(0x0, 0x0, 0x0, 0x201008, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, 0x0, &(0x7f0000000580))
fchown(r5, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180), 0xc000, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)={0x14, 0x16, 0xf15, 0x0, 0x25dfdbfb, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0)

8.218097025s ago: executing program 0 (id=843):
r0 = socket(0x1e, 0x4, 0x0)
r1 = gettid()
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, 0x0, 0x2, {0x3}}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000d00)={0x8, {"7894e6e62ce0f10fcdce74f21ad5b47c923d4dec90cefd599912070f341d59a8802e33af9869738f25b2f72093dd0ffa688e8e417c6e0e09b99649818d7caca39e142ef69d9101397854c3f51bde013686a626b2120c03d98c0ad981069188fbbddb88bf41a6b29ed43d1244e6025e1e4a2f40577619ccee39385bfc86461023a7906e5c07d16415140f4ab26db004362c885ef2c9ee82d3dd7e2ac42ca05d81ccea87dc0ec4a8f222013d6d4d0b0c828f3d2e3151dce87bfb335c1ad67bb3323564022ab23a6ba54ca117ca592c8d4227922347ea6f7c9d3dbdbc8d235f2d03e688d5ca7718d60e911534f964bf20359a0057847e7d7fd2cc463784aab2b06ba95512cfc427da44aa73634b0797b9baab391aa176d259c047ee9d346e63903860ab3c571d064509a715c5c4c6edffce9e1701e8291c2d937e3ff18691fe9a665b1a3b717a40205f8efa239b37e6b33f5c8ac28e616f788d0294c8d39ff4a63aaca7d4c578a935dd84850432201081bc1b00c5797847eaff8cecf8af8a60f075b5ff1c3dc9e62f9a3cfc4333a7501dd8badfdc691a9d35d3fc2c0e8f1b21a2c619201004a0d82bace1738ba9ca93e6fbf8ebaa78b5423efb19d3337ad050a7a1a634737a0169921911b277ab235f8b186efd60c3eff58e974a856ba460c5fbd91c1b5c999a7f6b4474560e0c5698085e1ff96381999bf7338dddab4499c6ae315245ecc98d3ca2ebc11214a4115e9205e7d1705591be4029a5e92ae06c02ba39ac70cf1ba082ccee070bf2feafa55ac6e863adb6f89a7475c2dc073058b0f8a52151d8c3ced025463656942bfd257ace6c54bd57985a44cef1c20777db47d12bd34371ef6f537e455b7787e3a853713877fa9465937602ceef8b9439507ab802ea4eaf5ee2ecd710b1840d8b8c995b5904434198abd8f0e830857ed1af53f3bcede9d57afb1cd7ad27bf222a6d1c58286c40d22211a3b2b7b7bbf5923a528fa4d781aaec1f67e013392b17197d2f6ff2d0e68bea94ce57cc516daffdf2348333a8dc596894540aa2a79437d95465fc27627b0e26871d5248c39e1a3badb319d449a7d67145418e1a35cb4bf950a5483d6e80763ea676b89d1f1e2cea20c590c76ae9fb228ffd638ccabdb3830cf944e1cccfb7ba8b1d1f0aabc498155ddda8404ebe2e25cfcfa9058af7d66bef79e592a579d556404ea3f28d6ddb3fdead9123247e23827f729eee41540d0f0e94027d65eee4e7c1c913c634f9abf546388cd2e4b351b16bd97faae3b54f5b2750495619ec36d97a1080564fa30a9f8a2700b77340b5bbd9cc377ee35420b5b762935047af7837e973a9da42ef93c11f145704d041054bcc4680363cbbee16a2bc0eaaa49cfa23330a666dff32daa17a6ea425f1ed2354d0c36893c895a0564e100d3e1385467405ca2706cfb62453faf72b1648727faeffb3c934bc4e48e4ce93af11bff3208cb3843da7ed68451b4af747ef72e2fb78a73990c95097c9504aacddffc5caadeb171e95ad113561144907d361fd28695239f6619360b9d0eead653cc83ab13fc7c0c60237e3363b6f319daa38d792426393e2396404a112ed9e70b378f494d4b540bf9b44d76b347a12c8cdaeed350a85698eb71bd126f75b9aa0ff7435926a4a4ce04e4187eae5a80b1ff56aa7f1b005a9a057b6ace4cf08c404f66c0b31974d151e9a2840ebcbfbfd898e6694b89fe78a68b90551c9d33c14914dceff64a699c1cf1570c2d1f53e905abef9f954fbdd100b1b18f10dbd673bd6c7a9693286cf2dc0ab9919466750aa42ccfa27e9ff4190dd784ec6f2e19270521f98561a959152b16a80f0b1e183375d3886936ae03ff4949777d30481c24bbae918d5fdcc8f46ff05e2370095bc85cde086dc1e32423f21c13c42490fb679462f35dd0c4ef06f8c3f24327af47ea2c73a856f112385094fe138022e308c157adb19b94ed0e8d94b805883318b33b22f371d62f0b764b2a44b65018bef417357aa997ea4ef95a2899963e06a3c553943e14d3364b73919f5e6d8395d56d522f1b19ae37d48f1534d92e4248824adb555281aea2fb317bfb30cdc7d4efada900006f45578a061b19e2eeefffdbf1974a1633182501611724079f926122c1c8fd9b1d8e6302d76ed90616abcfcac478e3b8d3be91eee5f9c653f8fed3afc1eb33d9314aaa021e8b53ab7ba3e59b301a6c757efd95c6661d7d3e8a73cdec7833f4608dc238d8e144a5b0196a9aea6fb30efdfdb05f9529c52af93cd78d857e3cc920bf30b2292380c662890f3679c09aea55c77a75dbb4da338c0fb737a5fc31252d9fa798f9dd70947f6cfa0474a7a835c694dfbb5c678216915d1f04c81d5df8f2efde80fdbce8248525d9b639f394847b9a8c2e7f7288b031df91db059eabb750c1bfe732b78001c2cca0f74cd8873cc2a892d26e1dbd48db297853775c21d68ce1daebee4f4d65bf8e448b1c80da35eaff3295ffe0aef68baff15f7585aba741699c3ed9a62f2c18200e40cbb383b844459ca9636d61645470d4f8b04704b84a7986d816c037d368d807ab936faa842a427cc4987ab506f3f08841195c893f39656547ff62730ec43aa78311d57defe4002301f6b9e1f6573f3a46715e2d1f899480e8bc97f5dfe48ad14df280126998d32dc0a63231584b5ee82d5f90d5ccd3eb3923cee0dfe0eb9b1ac54fd97214ad86c6459cf916ba0bfc9d4210a95346d753f4bc7440d78274c4cd1850907a2bf150a1c1b511bf0438494a6aa1a197f787c96b410d866b4cb284f74122ffbb2f5fa7c2c22f935c7e1542ff83f01e3024ee6e3d7fd0fba2754e635c8116a27f15586300d6522979822c1f97038f33c644ef82e9818f4a09388cb9a69514c929e9bc149fd7a26b458d89abb5e3ae1de29ed1f28d613878a24a9296c967339b9c6749f92c720982cb78a120bcf7593c6fbae36f9a06caa384a7e5d3f05442b0a69f72518a76a916968aae56abda54dac318fd726335e95592f80d030ef51aea41d5e348267fcea65e49d8e36e711fedb3fb9ad37d3fdf2185dcc3ff44736d6a0d4b4bd1810f89ec6e0e6b6f58f74d73ddd2a27fcfaf36d1aec6c3769787a1d3b8514487a399e6497bd0bf4c4242868d599aeb2202cae535e8118d478fc43b4c8bfdcf024f36f5d7c9f75c69bc9d4d5414e8bef740bcaf9027dbdb0f47643b984406c9ce1999d7631243c26d6824ae74ab71f536e40e934a5dfea7f5c5d10713c831df6ba168f4080a4b082e94bc23c0807aab7c0bc29f327d185a2a9302cc255aa54764c4eb8ef5b17d640afa30b36572294914d51ac146f87af6f5abd97823724aba25f589e769aa1047e72365e9ee67e7f90e80542cc842aebabc97679dd893075e8a1bd6934ac9e768e20bcf4c2fa29c5f7a103d3ff689c721e08ef1d0ca61ee3e07a815aa943879dd5c406dcff6a946b0a12980620cfb224912e27accbb63b1e2d571c65918c806060dcd08d5cef341e5c5705021ec19605b809a44d2a8f6f27e18f2b8fd268e23706564df5501096fd8f8261e27d5c8b582673f0c76bf78b27f754cddb5b64a33c87841681d8eef2b5abe8a8deabee587189f75b8b518909cd2a6f89910425e8647f25077829f1b400b3abcaeff6f54ccc00f6fb7abeeefe0226e4e2b55fba0925b49be8310fc5a490384e4a5e7216b0fd0c09c00e3327ada8c59eb37443ac9148a9df92b0d4e6851cd93b784d3e0a236d9fe7c483f03d813fc98e632cf6255dc4a70a0458570776509ebfb545f35956c7e32493f6ad886ec858bfc29bffb7f2ae7eed7d83e3075554dd81e72c93f4c2e4dcdb0832e76861b983b17c2a6f887a988e4fd47459fd45134560b5b1bec10c50914f2d7f327a4e68a0c453f067035f243ca01aa22969481d5fb48d1da82f35222c4e8d249625c454159f7b00a85d43414eb5e7c8044922b323f2473af648d1dba5ffff34bd5e023a2fe4860d7568fa4d35ad20c461eb38bced561edcef853dbcdd7b69bb40e9cda525a71a286c956a1268cacad0bc0c79ed7632aedbb8dc78ba1a2adea2b650314072d1ebc08f9753d6d38e53a758ea4700160588e819239711a506f004ec57037cd6efcbb9cee3bba556eaaa008bf8e8390085b85653c7aa006dd836c7ad025bed9dec77a4a00b309776862fca4dd01dff16aa6bd70a876662093b85ffbb07b2f8b4361f5dc635f940571239a71865e8f1a289f449ae9a74266205c8b1fe8a732db502c9ea5e5c379b704d43ef795b40450aa498535803767d2c2cbd2749474d2997e00f37612fcc0ae7322b8c8e2a90cf66ada69bd05b82d5707562b37e40674f0a3f58d9c776a931b8768d5c23f17c5f9135e7a4ce0c6eb356d9fb4a53d112194c19e6f045d2bd44132a70b9ccd7e65d2787899785f7ee9185589136c847347142440e0a405c18ff3f31acb791a805dd281aaf97aee708dcce2f1aa53161b7716fa0978c0d02871637ad7e1af5a158b727a1dfc2ae1aafbb9c516469ee89fa0f1de23a17115ded5e9c560a468c5192943be74aeaba51083ca0379563f1fa78e29eca1eaf849cd00f419ceb59e640248c332c845e68e9a398281b962ae59aa5b18006b6ea6e0c5f1b30665e1fb975da11ed6a47bd44b4241bbf0443f178e8249805cc3f980a4bb2f46baab0a12e9e9b2aaa7e0ca22b2314a9e5ef6412f4efe31381e3d716244af3112444eabbb0c353acafc0f1179ad4c63b81e5f5bfd771591d24e5254fa72e30aa53717c24b49cee71cdd9368e207af5e992a04f06de912cfcfca38732f5c8393d466d209680ebfa5764897f04531138beff3f65691593e334c2ae2825ffa9353e8aeef37b90691ea5c78d7c86124abf6491a068bf03c3467e5e42ca4b58192d17856722207568777141ccbef3f3891708897af9c196be92056527a8da820d28dccaf4dfed4d38fb8fe826b238d31bad751631a0d8b1eabdfa7bffe65241238ff982d21b2222cdd3a536385d0ab2180ccdf4672d0b21156377fe640ee8c8744b9ba1efce91c295e83a4271a34a1f70adbc2ff0aa6ba9e1965061cadcd3d824636bbc1f977c78dde1859d752c86b099705616edf6e94523f108af79ab5073d26f3788c4d56f1b17b764c1bc387e531dab5dd71198c56b02c68552dc1098beec85dc1bbe2dde316e6093a9a33f578d789da9b2a9209ed6e73a0597bc62467afc42f0348c9b885b92f37569a953f6316d5c8b188539474da3836abeae7ec259cf8fd28f02593597e9206e05e8da4f4346aab36f179deb68a9dab9b550d6fe4f0c88563935328a699b9cbb2015be57c28beaf60be499114f04a96a2f7fb3bf3b5b31e422954c96790aa1e49c5bc1946df0df2b4be63c0aac1ddcf187714f6e67a076a823feaeba5db4a99e5f494ec939d1b0ecd23752c08c3b788704612127e7f080ef581b4990accd6dca7ce52844bc7bbc8c8752497c171d8e628c53609a920fb5a1bc740cb05e2035de72f636ef0498ed2f3cccb64d5740afbc30015442ca0511160787b2c763072c70035f7f3bbbd3966bcc80d021ce1482e27681b963a28189c2ee9d64d0622a94eac689d3fc1a4137c4d62a4c73fab4b0175a8ff8fa256118affd94aaeee33b155043f53d9e3d4eb82173df0938c6c3e51c118c1acf187c84f12090ad1dd663013e433455290f87ca88959f9f481e4dd05e6a483abe00f7c974e5ff602a7a6eaa71f8ac06c50afac0c2858b554f59bf88002766a619ae9b0864926d07b273238e1ebd456543f77ea800231dbf4479f0b90fc607", 0x1000}}, 0x1006)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003c0007010000000000000000017c00000400fc800c000180060006000710e0fd547200f3a8800a000009000280cd0170a004000000"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000006c0)={r1, 0xffffffffffffffff, 0x0, 0x2, &(0x7f00000005c0)='j\x00'}, 0x30)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
vmsplice(r0, &(0x7f0000000540)=[{&(0x7f00000001c0)='=', 0x1}, {&(0x7f0000000300)="08b606d28e14abbe1ab92beb4b77d997bd591d19f1b51e7ef4b18a00615fd4b596c3f94f4ae9c4103463192b17fc5058f54db73b8daf6856063ee16d4a29562f1f8003074a6f9ec5405a9c12646ca7ee1fcd15c56e75ef4ae566", 0x5a}, {&(0x7f0000000380)="daa541ed359dcf06b79816920ac513e4050ac47ca31fcfda328323ad0d32cca3d8ebbdf8a3a7de16795c75f039c4d0b5973e982c80f25b87c6", 0x39}, {&(0x7f00000003c0)="a9d7bc4e245beafd240e66a424954a2b963410170f85926310a2d02546c3c42b5a9d8fc07074348682469b03131cfd08d9cd41f54ef448b1a4dd9022c4a0e7519bfbedcbdd206e3b93adbe5b278852", 0x4f}, {&(0x7f0000000440)="f580fdcb32788006f90f62a74facae0d1abd4a655c122fecb10c8882401f357a21b873ce7bd53f2cb48c72595cb9a8c4990a2d10c48858bd5f53015d1f12123f36ed56ec31a6e9ed4035d8fe2546298ee929dbe710d4c55f5b8651f94c1e4bffba14141c36102329429f238df94247db6df8943b008136cec988c4204e79e15973dab0b09fc58fc31dd1b036c90bc315ecc46d7acd13205025e0", 0x9a}, {&(0x7f0000000500)="0be8674e7079d17348c4713a1924304238cbf2a5a3e2bd1e58443d0844088a32", 0x20}], 0x6, 0xa)
recvfrom(r0, 0x0, 0x0, 0x6667b9fa4a4ed82, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)

8.217290436s ago: executing program 2 (id=844):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
r2 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r2, 0x0, &(0x7f0000000140))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, 0x3e, 0x301, 0x270bd26, 0x25dfdc00, {0x3}, [@typed={0x8, 0xfa, 0x0, 0x0, @pid}]}, 0x1c}}, 0x8004)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000180)={"31bd7cd6da5cf8da379908250f4299c093d1ddbd65ef6f54ca5b9187bf97c789", 0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = fcntl$dupfd(r1, 0x406, r0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f00000001c0)={0x48, 0x7, r5, 0x0, 0x2, 0x0, 0x1, 0x33724b, 0x33e4eb})
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000)=@reiserfs_2={0x8, 0x2, {0x2, 0x5}}, 0xc02)
r6 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x1e28, 0x0, 0x0, 0x28b})
io_uring_register$IORING_REGISTER_FILES(r6, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r7, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8, 0x1b, 0x1000}]}, 0x28}}, 0x0)

8.124976401s ago: executing program 1 (id=845):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0xc0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x30, r0, 0x300, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0xe}, @void, @val={0xc, 0x99, {0x4, 0x45}}}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x9}]}, 0x30}}, 0x44885)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, 0x0, 0xc0042, 0x1fe)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r2 = socket(0x2, 0x2, 0x1)
bind$unix(r2, &(0x7f0000000000)=@abs, 0x6e)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(0x0, r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r4, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x4081}, 0x800)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
sendfile(r1, r1, &(0x7f0000000080)=0x1, 0x4)
r5 = gettid()
process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

7.443393138s ago: executing program 4 (id=846):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
syz_open_dev$vcsn(&(0x7f0000000b40), 0x1ff, 0x400)
openat(0xffffffffffffff9c, 0x0, 0x40, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x8e000, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRESDEC=0x0, @ANYBLOB])
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4800)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSCAUSE(r6, 0x89e1, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x89a2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fffffff}, [@ldst={0x3, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000180)='syzkaller\x00', 0x5, 0xd2, &(0x7f00000002c0)=""/210}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))

7.432271694s ago: executing program 3 (id=847):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x100000000001, 0x0, 0x1, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0600000004000000030000000500", @ANYBLOB], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r5, 0x0, 0xa0028000}, 0x38)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r6, 0x84, 0x77, &(0x7f0000000580)={0x0, 0x3, 0xa, [0xcc, 0x3, 0x9, 0x5, 0x1, 0x8, 0x1, 0x8, 0x2, 0x0]}, &(0x7f00000001c0)=0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES64=r0, @ANYRESOCT=r3, @ANYBLOB="66334bf5477f3990b7d2438c38992c172bf825f702f5735754bf79"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r7, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646676b942233c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
r8 = open(&(0x7f0000000200)='./file0\x00', 0x393001, 0x124)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r8, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[@ANYBLOB="88000000", @ANYRES16=r9, @ANYBLOB="040028bd7000fedbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008c0002000000080001007063690011000200303030303a30303a31302e300000000008008b00", @ANYRES32=r2, @ANYBLOB="0e00010ee780e6ddb1a88526b8006e657464657673696d0000000f0002006e657464657673696d30000008008a00", @ANYRES32, @ANYBLOB], 0x88}, 0x1, 0x0, 0x0, 0x4044058}, 0x20048815)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000600)={r5, 0x0, &(0x7f00000005c0)=""/63}, 0x20)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)

6.188753585s ago: executing program 4 (id=848):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x404, 0x1, 0x80d6})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
syz_io_uring_setup(0x1000b7f, &(0x7f0000000180)={0x0, 0x38ab, 0x84, 0x0, 0x1e6}, &(0x7f0000000200), &(0x7f0000000100))
syz_open_procfs(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='initcall_finish\x00', 0xffffffffffffffff, 0x0, 0x1c8}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f)
read$dsp(r2, &(0x7f00000011c0)=""/4117, 0x200021d5)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3, 0x12, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
socket(0x10, 0x3, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200009010203ee08021200010000000009040030004d2f9c00"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)

5.707529497s ago: executing program 3 (id=849):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000200)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="010000000000000000001400000018"], 0x44}}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
rename(0x0, &(0x7f0000000100)='./file0\x00')
ioctl$FS_IOC_GETFSLABEL(r1, 0x400452c8, &(0x7f0000000100))

5.699550157s ago: executing program 1 (id=850):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_SET_MACPARAMS(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_FRAME_RETRIES={0x5, 0x28, 0x5}, @IEEE802154_ATTR_LBT_ENABLED={0x5, 0x22, 0x1}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x4}]}, 0x2c}}, 0x24000080)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0702000000000000000001000000040008802c0004800500030001000000050003000000000200000000000000000500030000000000050003000200000008000100030000000800020001"], 0x54}}, 0x880)

5.526183075s ago: executing program 1 (id=851):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r2, 0x0)
unshare(0x22020400)
r3 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x5c, 0x0, 0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0xffffffffffffffff, 0x3000})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYRESDEC=r3], 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
futex_waitv(&(0x7f0000001600)=[{0x8, 0x0, 0x82}, {0x8000, 0x0, 0x2}, {0x7, 0x0, 0x82}, {0x40, 0x0, 0x2}, {0x7, 0x0, 0x82}, {0xfffffffffffff800, 0x0, 0x2}, {0xf9, 0x0, 0x2}, {0x400, 0x0, 0x2}, {0xa, 0x0, 0x2}, {0x9a, 0x0}, {0x5, 0x0, 0x2}, {0x8, 0x0, 0x82}, {0x4, 0x0, 0x2}, {0x5, 0x0, 0x2}, {0xfffffffffffffffd, 0x0, 0x2}, {0x9, 0x0, 0x2}, {0xffffffffffffffff, 0x0, 0x2}, {0x1, 0x0, 0x82}, {0x42da45c8, 0x0, 0x82}, {0x5, 0x0, 0x2}, {0x100000000, 0x0, 0x82}, {0x0, 0x0, 0x82}, {0x4f6a0000000, 0x0, 0x2}, {0x7, 0x0, 0x82}, {0xffffffffffffffff, 0x0, 0x82}, {0x7, 0x0, 0x2}, {0xfde0, 0x0, 0x2}, {0x5, 0x0}, {0x5, 0x0, 0x82}, {0xfffffffffffffffb, 0x0, 0x2}, {0xc45e, 0x0, 0x82}, {0xffffffffffff7fff, 0x0, 0x82}, {0xbf, 0x0, 0x82}, {0x6, 0x0, 0x2}, {0xfff, 0x0, 0x82}, {0x349, 0x0, 0x82}, {0x1, 0x0, 0x2}, {0x5, 0x0, 0x80}, {0x1, 0x0, 0x82}, {0x7, 0x0, 0x82}, {0x1, 0x0, 0x2}, {0x2, 0x0, 0x82}, {0x8, 0x0, 0x2}, {0x7, 0x0, 0x2}, {0x4, 0x0, 0x2}, {0x2, 0x0, 0x2}, {0xffffffffffffff00, 0x0, 0x2}, {0x1, 0x0, 0x82}, {0xc1, 0x0, 0x82}, {0x8, 0x0, 0x82}, {0x100000000, 0x0, 0x82}, {0xc, 0x0, 0x82}, {0x3e, 0x0, 0x2}, {0x3a8f, 0x0, 0x24fed80cbff1cd29}], 0x36, 0x0, 0x0, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x840)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
getdents64(0xffffffffffffffff, &(0x7f0000000000)=""/49, 0x31)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x2000, 0x0)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
io_uring_enter(r3, 0x47f5, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000ac0)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000ab7f5816ba00ebff2f61080003000000", @ANYRES32=r9, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x24004415}, 0x20000000)

5.235448719s ago: executing program 0 (id=852):
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x4}})
io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x1f, 0x0, 0x0)
r0 = syz_open_dev$I2C(0x0, 0x0, 0x0)
ioctl$I2C_PEC(r0, 0x703, 0x60)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000100)='adfs\x00', 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r3, 0x1, 0x25, &(0x7f0000000300)=0x8, 0x4)
setsockopt$sock_int(r3, 0x1, 0x29, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000001840)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x1ff}], 0x1, 0x40002000, 0x0)
write$binfmt_misc(r3, &(0x7f0000000300), 0x6)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000000)=0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
io_setup(0x7ff, &(0x7f0000000080)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}])

5.212564146s ago: executing program 4 (id=853):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x100000000001, 0x0, 0x1, 0x0)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0600000004000000030000000500", @ANYBLOB], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r3, 0x0, 0xa0028000}, 0x38)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={<r4=>0x0, 0x19}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000580)={r4, 0x3, 0xa, [0xcc, 0x3, 0x9, 0x5, 0x1, 0x8, 0x1, 0x8, 0x2, 0x0]}, &(0x7f00000001c0)=0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
open(&(0x7f0000000200)='./file0\x00', 0x393001, 0x124)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)

5.171859939s ago: executing program 1 (id=854):
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1a01000000000040c410cf8a000000000001090224000100000000090400000103000000092100000501220500090581030000000000"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4404}, 0x804)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = syz_open_dev$vbi(&(0x7f00000000c0), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f00000002c0)={0x4, @sdr={0x30314247, 0x6}})
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000007000000000001"], 0x50)
r3 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01)
r4 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
read$hiddev(r4, &(0x7f0000002300)=""/102, 0x66)
write$char_usb(r3, &(0x7f0000000040)="e2", 0x2250)

4.535125552s ago: executing program 4 (id=855):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xc, 0x0, &(0x7f0000000240)="63cd5c1672914cd2d5c5ab9c"})
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r3, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000180)='./control\x00', 0x64000ba6)
inotify_add_watch(r4, &(0x7f0000000180)='./control\x00', 0xa4000960)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0)
write$6lowpan_control(r3, &(0x7f0000000300)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB="020100030e0000002cbd70000000000005000600332000000a00000000000000fe800000000000000000000000000018000000000000000005000500000000000a00"/76], 0x70}, 0x1, 0x7}, 0x4000000)
fchown(0xffffffffffffffff, 0xee01, 0x0)
listen(0xffffffffffffffff, 0x50)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010100060000000000002b00000008000300", @ANYRES32=r6, @ANYBLOB="040046000a0034000101010101010000080026006c0900000800270001000000300051"], 0x6c}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

4.207311919s ago: executing program 2 (id=856):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0xc0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x30, r0, 0x300, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0xe}, @void, @val={0xc, 0x99, {0x4, 0x45}}}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x9}]}, 0x30}}, 0x44885)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, 0x0, 0xc0042, 0x1fe)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r2 = socket(0x2, 0x2, 0x1)
bind$unix(r2, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r4, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x4081}, 0x800)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
sendfile(r1, r1, &(0x7f0000000080)=0x1, 0x4)
r5 = gettid()
process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

3.830794811s ago: executing program 0 (id=857):
syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/slabinfo\x00', 0x0, 0x0)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x18, &(0x7f0000000080)=0x200, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x3, @mcast1, 0x4}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
prlimit64(0x0, 0xe, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000380)=0xd)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket(0x40000000015, 0x5, 0x0)
mount$nfs(0x0, 0x0, 0x0, 0x201008, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, 0x0, &(0x7f0000000580))
fchown(r5, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180), 0xc000, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)={0x14, 0x16, 0xf15, 0x0, 0x25dfdbfb, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0)

3.489556128s ago: executing program 2 (id=858):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x100000000001, 0x0, 0x1, 0x0)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000040)=0x9, 0x4)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0600000004000000030000000500", @ANYBLOB], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r3, 0x0, 0xa0028000}, 0x38)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={<r4=>0x0, 0x19}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000580)={r4, 0x3, 0xa, [0xcc, 0x3, 0x9, 0x5, 0x1, 0x8, 0x1, 0x8, 0x2, 0x0]}, &(0x7f00000001c0)=0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
open(&(0x7f0000000200)='./file0\x00', 0x393001, 0x124)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)

2.679700031s ago: executing program 0 (id=859):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
r2 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, 0x3e, 0x301, 0x270bd26, 0x25dfdc00, {0x3}, [@typed={0x8, 0xfa, 0x0, 0x0, @pid}]}, 0x1c}}, 0x8004)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000180)={"31bd7cd6da5cf8da379908250f4299c093d1ddbd65ef6f54ca5b9187bf97c789", 0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = fcntl$dupfd(r1, 0x406, r0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f00000001c0)={0x48, 0x7, r6, 0x0, 0x2, 0x0, 0x1, 0x33724b, 0x33e4eb})
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000)=@reiserfs_2={0x8, 0x2, {0x2, 0x5}}, 0xc02)
r7 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x1e28, 0x0, 0x0, 0x28b})
io_uring_register$IORING_REGISTER_FILES(r7, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_GROUP={0x8, 0x1b, 0x1000}]}, 0x28}}, 0x0)

2.406648692s ago: executing program 3 (id=860):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000000000000000180002801400038010"], 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

2.105244518s ago: executing program 2 (id=861):
r0 = syz_open_procfs(0x0, &(0x7f00000020c0)='cgroup\x00')
read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b0f, &(0x7f0000000000)={'wlan1\x00'})

2.045896643s ago: executing program 3 (id=862):
r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[<r1=>0x0], 0x1})
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0)
ioctl$TIOCMBIC(r2, 0x5417, &(0x7f0000000000)=0x97b3)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={r1, r3, r4, 0xfffffffd, 0x7, 0x80000003, 0xffffffff, 0x0, 0x1000005, 0xe, 0xd, 0x322})
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000390007010000000000800000037c000093d4fe9cfd0b6a40a8c9b56d748c40788eb745d85e936a8950b7af9848ddb1fb465fd1ea9fa6b36ed71afc54028a7d342da2096c1a2fe5557d"], 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8800}, 0x20040000)
ioctl$VIDIOC_QUERYMENU(r5, 0xc008561c, &(0x7f0000000000)={0x980914, 0x81, @value=0x327})
sendmsg$NFNL_MSG_ACCT_GET(r7, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x90, 0x1, 0x7, 0x201, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x95c0}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x400}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xa01}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x4}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x7}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x7fffffff}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFACCT_FILTER={0x14, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000800)

1.911998226s ago: executing program 1 (id=863):
r0 = socket(0x1e, 0x4, 0x0)
r1 = gettid()
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, 0x0, 0x2, {0x3}}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000d00)={0x8, {"7894e6e62ce0f10fcdce74f21ad5b47c923d4dec90cefd599912070f341d59a8802e33af9869738f25b2f72093dd0ffa688e8e417c6e0e09b99649818d7caca39e142ef69d9101397854c3f51bde013686a626b2120c03d98c0ad981069188fbbddb88bf41a6b29ed43d1244e6025e1e4a2f40577619ccee39385bfc86461023a7906e5c07d16415140f4ab26db004362c885ef2c9ee82d3dd7e2ac42ca05d81ccea87dc0ec4a8f222013d6d4d0b0c828f3d2e3151dce87bfb335c1ad67bb3323564022ab23a6ba54ca117ca592c8d4227922347ea6f7c9d3dbdbc8d235f2d03e688d5ca7718d60e911534f964bf20359a0057847e7d7fd2cc463784aab2b06ba95512cfc427da44aa73634b0797b9baab391aa176d259c047ee9d346e63903860ab3c571d064509a715c5c4c6edffce9e1701e8291c2d937e3ff18691fe9a665b1a3b717a40205f8efa239b37e6b33f5c8ac28e616f788d0294c8d39ff4a63aaca7d4c578a935dd84850432201081bc1b00c5797847eaff8cecf8af8a60f075b5ff1c3dc9e62f9a3cfc4333a7501dd8badfdc691a9d35d3fc2c0e8f1b21a2c619201004a0d82bace1738ba9ca93e6fbf8ebaa78b5423efb19d3337ad050a7a1a634737a0169921911b277ab235f8b186efd60c3eff58e974a856ba460c5fbd91c1b5c999a7f6b4474560e0c5698085e1ff96381999bf7338dddab4499c6ae315245ecc98d3ca2ebc11214a4115e9205e7d1705591be4029a5e92ae06c02ba39ac70cf1ba082ccee070bf2feafa55ac6e863adb6f89a7475c2dc073058b0f8a52151d8c3ced025463656942bfd257ace6c54bd57985a44cef1c20777db47d12bd34371ef6f537e455b7787e3a853713877fa9465937602ceef8b9439507ab802ea4eaf5ee2ecd710b1840d8b8c995b5904434198abd8f0e830857ed1af53f3bcede9d57afb1cd7ad27bf222a6d1c58286c40d22211a3b2b7b7bbf5923a528fa4d781aaec1f67e013392b17197d2f6ff2d0e68bea94ce57cc516daffdf2348333a8dc596894540aa2a79437d95465fc27627b0e26871d5248c39e1a3badb319d449a7d67145418e1a35cb4bf950a5483d6e80763ea676b89d1f1e2cea20c590c76ae9fb228ffd638ccabdb3830cf944e1cccfb7ba8b1d1f0aabc498155ddda8404ebe2e25cfcfa9058af7d66bef79e592a579d556404ea3f28d6ddb3fdead9123247e23827f729eee41540d0f0e94027d65eee4e7c1c913c634f9abf546388cd2e4b351b16bd97faae3b54f5b2750495619ec36d97a1080564fa30a9f8a2700b77340b5bbd9cc377ee35420b5b762935047af7837e973a9da42ef93c11f145704d041054bcc4680363cbbee16a2bc0eaaa49cfa23330a666dff32daa17a6ea425f1ed2354d0c36893c895a0564e100d3e1385467405ca2706cfb62453faf72b1648727faeffb3c934bc4e48e4ce93af11bff3208cb3843da7ed68451b4af747ef72e2fb78a73990c95097c9504aacddffc5caadeb171e95ad113561144907d361fd28695239f6619360b9d0eead653cc83ab13fc7c0c60237e3363b6f319daa38d792426393e2396404a112ed9e70b378f494d4b540bf9b44d76b347a12c8cdaeed350a85698eb71bd126f75b9aa0ff7435926a4a4ce04e4187eae5a80b1ff56aa7f1b005a9a057b6ace4cf08c404f66c0b31974d151e9a2840ebcbfbfd898e6694b89fe78a68b90551c9d33c14914dceff64a699c1cf1570c2d1f53e905abef9f954fbdd100b1b18f10dbd673bd6c7a9693286cf2dc0ab9919466750aa42ccfa27e9ff4190dd784ec6f2e19270521f98561a959152b16a80f0b1e183375d3886936ae03ff4949777d30481c24bbae918d5fdcc8f46ff05e2370095bc85cde086dc1e32423f21c13c42490fb679462f35dd0c4ef06f8c3f24327af47ea2c73a856f112385094fe138022e308c157adb19b94ed0e8d94b805883318b33b22f371d62f0b764b2a44b65018bef417357aa997ea4ef95a2899963e06a3c553943e14d3364b73919f5e6d8395d56d522f1b19ae37d48f1534d92e4248824adb555281aea2fb317bfb30cdc7d4efada900006f45578a061b19e2eeefffdbf1974a1633182501611724079f926122c1c8fd9b1d8e6302d76ed90616abcfcac478e3b8d3be91eee5f9c653f8fed3afc1eb33d9314aaa021e8b53ab7ba3e59b301a6c757efd95c6661d7d3e8a73cdec7833f4608dc238d8e144a5b0196a9aea6fb30efdfdb05f9529c52af93cd78d857e3cc920bf30b2292380c662890f3679c09aea55c77a75dbb4da338c0fb737a5fc31252d9fa798f9dd70947f6cfa0474a7a835c694dfbb5c678216915d1f04c81d5df8f2efde80fdbce8248525d9b639f394847b9a8c2e7f7288b031df91db059eabb750c1bfe732b78001c2cca0f74cd8873cc2a892d26e1dbd48db297853775c21d68ce1daebee4f4d65bf8e448b1c80da35eaff3295ffe0aef68baff15f7585aba741699c3ed9a62f2c18200e40cbb383b844459ca9636d61645470d4f8b04704b84a7986d816c037d368d807ab936faa842a427cc4987ab506f3f08841195c893f39656547ff62730ec43aa78311d57defe4002301f6b9e1f6573f3a46715e2d1f899480e8bc97f5dfe48ad14df280126998d32dc0a63231584b5ee82d5f90d5ccd3eb3923cee0dfe0eb9b1ac54fd97214ad86c6459cf916ba0bfc9d4210a95346d753f4bc7440d78274c4cd1850907a2bf150a1c1b511bf0438494a6aa1a197f787c96b410d866b4cb284f74122ffbb2f5fa7c2c22f935c7e1542ff83f01e3024ee6e3d7fd0fba2754e635c8116a27f15586300d6522979822c1f97038f33c644ef82e9818f4a09388cb9a69514c929e9bc149fd7a26b458d89abb5e3ae1de29ed1f28d613878a24a9296c967339b9c6749f92c720982cb78a120bcf7593c6fbae36f9a06caa384a7e5d3f05442b0a69f72518a76a916968aae56abda54dac318fd726335e95592f80d030ef51aea41d5e348267fcea65e49d8e36e711fedb3fb9ad37d3fdf2185dcc3ff44736d6a0d4b4bd1810f89ec6e0e6b6f58f74d73ddd2a27fcfaf36d1aec6c3769787a1d3b8514487a399e6497bd0bf4c4242868d599aeb2202cae535e8118d478fc43b4c8bfdcf024f36f5d7c9f75c69bc9d4d5414e8bef740bcaf9027dbdb0f47643b984406c9ce1999d7631243c26d6824ae74ab71f536e40e934a5dfea7f5c5d10713c831df6ba168f4080a4b082e94bc23c0807aab7c0bc29f327d185a2a9302cc255aa54764c4eb8ef5b17d640afa30b36572294914d51ac146f87af6f5abd97823724aba25f589e769aa1047e72365e9ee67e7f90e80542cc842aebabc97679dd893075e8a1bd6934ac9e768e20bcf4c2fa29c5f7a103d3ff689c721e08ef1d0ca61ee3e07a815aa943879dd5c406dcff6a946b0a12980620cfb224912e27accbb63b1e2d571c65918c806060dcd08d5cef341e5c5705021ec19605b809a44d2a8f6f27e18f2b8fd268e23706564df5501096fd8f8261e27d5c8b582673f0c76bf78b27f754cddb5b64a33c87841681d8eef2b5abe8a8deabee587189f75b8b518909cd2a6f89910425e8647f25077829f1b400b3abcaeff6f54ccc00f6fb7abeeefe0226e4e2b55fba0925b49be8310fc5a490384e4a5e7216b0fd0c09c00e3327ada8c59eb37443ac9148a9df92b0d4e6851cd93b784d3e0a236d9fe7c483f03d813fc98e632cf6255dc4a70a0458570776509ebfb545f35956c7e32493f6ad886ec858bfc29bffb7f2ae7eed7d83e3075554dd81e72c93f4c2e4dcdb0832e76861b983b17c2a6f887a988e4fd47459fd45134560b5b1bec10c50914f2d7f327a4e68a0c453f067035f243ca01aa22969481d5fb48d1da82f35222c4e8d249625c454159f7b00a85d43414eb5e7c8044922b323f2473af648d1dba5ffff34bd5e023a2fe4860d7568fa4d35ad20c461eb38bced561edcef853dbcdd7b69bb40e9cda525a71a286c956a1268cacad0bc0c79ed7632aedbb8dc78ba1a2adea2b650314072d1ebc08f9753d6d38e53a758ea4700160588e819239711a506f004ec57037cd6efcbb9cee3bba556eaaa008bf8e8390085b85653c7aa006dd836c7ad025bed9dec77a4a00b309776862fca4dd01dff16aa6bd70a876662093b85ffbb07b2f8b4361f5dc635f940571239a71865e8f1a289f449ae9a74266205c8b1fe8a732db502c9ea5e5c379b704d43ef795b40450aa498535803767d2c2cbd2749474d2997e00f37612fcc0ae7322b8c8e2a90cf66ada69bd05b82d5707562b37e40674f0a3f58d9c776a931b8768d5c23f17c5f9135e7a4ce0c6eb356d9fb4a53d112194c19e6f045d2bd44132a70b9ccd7e65d2787899785f7ee9185589136c847347142440e0a405c18ff3f31acb791a805dd281aaf97aee708dcce2f1aa53161b7716fa0978c0d02871637ad7e1af5a158b727a1dfc2ae1aafbb9c516469ee89fa0f1de23a17115ded5e9c560a468c5192943be74aeaba51083ca0379563f1fa78e29eca1eaf849cd00f419ceb59e640248c332c845e68e9a398281b962ae59aa5b18006b6ea6e0c5f1b30665e1fb975da11ed6a47bd44b4241bbf0443f178e8249805cc3f980a4bb2f46baab0a12e9e9b2aaa7e0ca22b2314a9e5ef6412f4efe31381e3d716244af3112444eabbb0c353acafc0f1179ad4c63b81e5f5bfd771591d24e5254fa72e30aa53717c24b49cee71cdd9368e207af5e992a04f06de912cfcfca38732f5c8393d466d209680ebfa5764897f04531138beff3f65691593e334c2ae2825ffa9353e8aeef37b90691ea5c78d7c86124abf6491a068bf03c3467e5e42ca4b58192d17856722207568777141ccbef3f3891708897af9c196be92056527a8da820d28dccaf4dfed4d38fb8fe826b238d31bad751631a0d8b1eabdfa7bffe65241238ff982d21b2222cdd3a536385d0ab2180ccdf4672d0b21156377fe640ee8c8744b9ba1efce91c295e83a4271a34a1f70adbc2ff0aa6ba9e1965061cadcd3d824636bbc1f977c78dde1859d752c86b099705616edf6e94523f108af79ab5073d26f3788c4d56f1b17b764c1bc387e531dab5dd71198c56b02c68552dc1098beec85dc1bbe2dde316e6093a9a33f578d789da9b2a9209ed6e73a0597bc62467afc42f0348c9b885b92f37569a953f6316d5c8b188539474da3836abeae7ec259cf8fd28f02593597e9206e05e8da4f4346aab36f179deb68a9dab9b550d6fe4f0c88563935328a699b9cbb2015be57c28beaf60be499114f04a96a2f7fb3bf3b5b31e422954c96790aa1e49c5bc1946df0df2b4be63c0aac1ddcf187714f6e67a076a823feaeba5db4a99e5f494ec939d1b0ecd23752c08c3b788704612127e7f080ef581b4990accd6dca7ce52844bc7bbc8c8752497c171d8e628c53609a920fb5a1bc740cb05e2035de72f636ef0498ed2f3cccb64d5740afbc30015442ca0511160787b2c763072c70035f7f3bbbd3966bcc80d021ce1482e27681b963a28189c2ee9d64d0622a94eac689d3fc1a4137c4d62a4c73fab4b0175a8ff8fa256118affd94aaeee33b155043f53d9e3d4eb82173df0938c6c3e51c118c1acf187c84f12090ad1dd663013e433455290f87ca88959f9f481e4dd05e6a483abe00f7c974e5ff602a7a6eaa71f8ac06c50afac0c2858b554f59bf88002766a619ae9b0864926d07b273238e1ebd456543f77ea800231dbf4479f0b90fc607", 0x1000}}, 0x1006)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003c0007010000000000000000017c00000400fc800c000180060006000710e0fd547200f3a8800a000009000280cd0170a004000000"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000006c0)={r1, 0xffffffffffffffff, 0x0, 0x2, &(0x7f00000005c0)='j\x00'}, 0x30)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
vmsplice(r0, &(0x7f0000000540)=[{&(0x7f00000001c0)='=', 0x1}, {&(0x7f0000000300)="08b606d28e14abbe1ab92beb4b77d997bd591d19f1b51e7ef4b18a00615fd4b596c3f94f4ae9c4103463192b17fc5058f54db73b8daf6856063ee16d4a29562f1f8003074a6f9ec5405a9c12646ca7ee1fcd15c56e75ef4ae566", 0x5a}, {&(0x7f0000000380)="daa541ed359dcf06b79816920ac513e4050ac47ca31fcfda328323ad0d32cca3d8ebbdf8a3a7de16795c75f039c4d0b5973e982c80f25b87c6", 0x39}, {&(0x7f00000003c0)="a9d7bc4e245beafd240e66a424954a2b963410170f85926310a2d02546c3c42b5a9d8fc07074348682469b03131cfd08d9cd41f54ef448b1a4dd9022c4a0e7519bfbedcbdd206e3b93adbe5b278852", 0x4f}, {&(0x7f0000000440)="f580fdcb32788006f90f62a74facae0d1abd4a655c122fecb10c8882401f357a21b873ce7bd53f2cb48c72595cb9a8c4990a2d10c48858bd5f53015d1f12123f36ed56ec31a6e9ed4035d8fe2546298ee929dbe710d4c55f5b8651f94c1e4bffba14141c36102329429f238df94247db6df8943b008136cec988c4204e79e15973dab0b09fc58fc31dd1b036c90bc315ecc46d7acd13205025e0", 0x9a}, {&(0x7f0000000500)="0be8674e7079d17348c4713a1924304238cbf2a5a3e2bd1e58443d0844088a32", 0x20}], 0x6, 0xa)
recvfrom(r0, 0x0, 0x0, 0x6667b9fa4a4ed82, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)

1.638554923s ago: executing program 3 (id=864):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000280), 0x10002, 0x0)
r1 = syz_io_uring_setup(0x190c, &(0x7f0000000340)={0x0, 0xb044, 0x20000, 0x2000}, 0x0, &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x2, 0x0, @fd_index=0x3})
bind$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e22, 0x800, @empty, 0x5}, 0x1c)
r3 = socket$inet_icmp(0x2, 0x2, 0x1)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$tipc(r8, 0x0, 0x0)
dup2(r9, r8)
r10 = getpid()
r11 = syz_open_procfs(r10, &(0x7f0000000140)='personality\x00')
read$watch_queue(r11, &(0x7f0000000000)=""/164, 0xa4)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, 0x0, 0x1)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

1.023776397s ago: executing program 2 (id=865):
r0 = socket$pppoe(0x18, 0x1, 0x0)
syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff)
socket$l2tp6(0xa, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000100)=[{&(0x7f00000002c0)="a2b4ad1b", 0x4}], 0x1)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pipe(&(0x7f00000007c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r3)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x4e21, @local}}, 0x0, 0x20000000005, 0x21}, 0xd8)
bind$inet(r4, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x2400c729, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10)
splice(r2, 0x0, r3, 0x0, 0xfffd, 0x0)
ioctl$PPPOEIOCSFWD(r0, 0x40047452, 0x0)

843.828153ms ago: executing program 1 (id=866):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', 0x0})
syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d0009058223"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x4)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000380)={0xaa, 0x564})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/66})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000180)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x14)

0s ago: executing program 2 (id=867):
r0 = socket$pppoe(0x18, 0x1, 0x0)
syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff)
socket$l2tp6(0xa, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102)
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
writev(r1, &(0x7f0000000100)=[{&(0x7f00000002c0)="a2b4ad1b722505", 0x7}], 0x1)
writev(r1, 0x0, 0x0)
pipe(&(0x7f00000007c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000200000000000000000000000850000004100000095000000000000004be98911ed5a3cf4451d51e400827eef4df9eb3fd52b8f0a456c3a6cfd127868ad3fe3f9a9b946c97f9fc091e4c3f4b0a0d7ed298717a480c48868562f04005972b6a5265519fee4cb1b8b93f0b164770fd40c7a8060ce72beff7cda177e28a1a97b2c8c56a3f15b2f7a9b7ae2cf52d08555d3c3315e95095217bff8c9441a45fd00000000000000979ed4e35d21d13d428af521c553b9420385390207dc1634aee0244045e5c380e6090329d37b29a56c16d5c7bee160b91246bd2c205047bd92581165c774b1fd46072c161f1d33e6d5c1a5db7a714e3ed5468408f279bd9f98ec3c5ffd79cd37810f03000000b65d147fa05253a600adfb03775847b220369339529d434f3190c81c3dd501a780cfaaaa916c8a33ee4b52d18e160428893f33d206d3a7195e7f69c831099bdc940000aa2c2e61509bf6c58b100000000000000000000000005e3210346531c1eb14fbec6eb35d6f3e3853512c6bf186bd8b"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x4e21, @local}}, 0x0, 0x20000000005, 0x21}, 0xd8)
bind$inet(r4, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x2400c729, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10)
splice(r2, 0x0, r3, 0x0, 0xfffd, 0x0)
ioctl$PPPOEIOCSFWD(r0, 0x40047452, 0x0)

kernel console output (not intermixed with test programs):

one_qstr_excl+0x3e/0x120
[  154.824142][ T6864]  do_unlinkat+0x284/0x6a0
[  154.824154][ T6864]  ? __pfx_do_unlinkat+0x10/0x10
[  154.824171][ T6864]  ? getname_flags.part.0+0x1c5/0x550
[  154.824186][ T6864]  __x64_sys_unlink+0xc5/0x110
[  154.824197][ T6864]  do_syscall_64+0xcd/0x4c0
[  154.824210][ T6864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.824221][ T6864] RIP: 0033:0x7ff09f18e9a9
[  154.824231][ T6864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.824241][ T6864] RSP: 002b:00007ff0a004e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[  154.824252][ T6864] RAX: ffffffffffffffda RBX: 00007ff09f3b5fa0 RCX: 00007ff09f18e9a9
[  154.824259][ T6864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000280
[  154.824266][ T6864] RBP: 00007ff0a004e090 R08: 0000000000000000 R09: 0000000000000000
[  154.824272][ T6864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.824278][ T6864] R13: 0000000000000000 R14: 00007ff09f3b5fa0 R15: 00007ffd1cc91098
[  154.824293][ T6864]  </TASK>
[  154.824741][ T6864] overlayfs: failed inode index lookup (ino=296, key=00fb210001a27715564ffd4b098070ecb7a3ba295be70096b42801000000000000, err=-12);
[  154.824741][ T6864] overlayfs: mount with '-o index=off' to disable inodes index.
[  155.536051][  T974] usb 5-1: USB disconnect, device number 4
[  155.584167][ T6871] syz.1.257: attempt to access beyond end of device
[  155.584167][ T6871] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  156.030175][  T974] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  156.193696][  T974] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  156.211810][ T5154] Bluetooth: hci4: unexpected event for opcode 0x0809
[  156.224132][  T974] visor 5-1:1.0: device disconnected
[  157.157781][ T6880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.260'.
[  157.271223][ T6888] wireguard0: entered promiscuous mode
[  157.291600][ T6888] wireguard0: entered allmulticast mode
[  157.368372][ T6892] wireguard0: entered promiscuous mode
[  157.476555][ T6892] wireguard0: entered allmulticast mode
[  159.210001][ T6912] netlink: 12 bytes leftover after parsing attributes in process `syz.1.271'.
[  159.908254][ T6909] netlink: 12 bytes leftover after parsing attributes in process `syz.0.269'.
[  160.829224][ T6909] IPVS: persistence engine module ip_vs_pe_   not found
[  161.043316][ T6921] netlink: 5364 bytes leftover after parsing attributes in process `syz.2.273'.
[  161.135394][ T6934] FAULT_INJECTION: forcing a failure.
[  161.135394][ T6934] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  161.149234][ T6934] CPU: 0 UID: 0 PID: 6934 Comm: syz.1.274 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  161.149261][ T6934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  161.149272][ T6934] Call Trace:
[  161.149279][ T6934]  <TASK>
[  161.149286][ T6934]  dump_stack_lvl+0x16c/0x1f0
[  161.149310][ T6934]  should_fail_ex+0x512/0x640
[  161.149344][ T6934]  should_fail_alloc_page+0xe7/0x130
[  161.149366][ T6934]  prepare_alloc_pages+0x3c2/0x610
[  161.149395][ T6934]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  161.149435][ T6934]  ? __lock_acquire+0x622/0x1c90
[  161.149458][ T6934]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  161.149501][ T6934]  ? filemap_get_entry+0x1a7/0x3b0
[  161.149524][ T6934]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  161.149549][ T6934]  ? policy_nodemask+0xea/0x4e0
[  161.149572][ T6934]  alloc_pages_mpol+0x1fb/0x550
[  161.149593][ T6934]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  161.149612][ T6934]  ? _raw_spin_unlock+0x28/0x50
[  161.149638][ T6934]  ? swap_entry_swapped+0x122/0x190
[  161.149656][ T6934]  ? __pfx_swap_entry_swapped+0x10/0x10
[  161.149679][ T6934]  folio_alloc_mpol_noprof+0x36/0x2f0
[  161.149704][ T6934]  __read_swap_cache_async+0x3b6/0x5a0
[  161.149735][ T6934]  ? __pfx___read_swap_cache_async+0x10/0x10
[  161.149761][ T6934]  ? swp_swap_info+0xce/0x130
[  161.149781][ T6934]  ? __pfx_swp_swap_info+0x10/0x10
[  161.149802][ T6934]  ? _raw_spin_unlock_irq+0x23/0x50
[  161.149833][ T6934]  swap_cluster_readahead+0x3eb/0x710
[  161.149867][ T6934]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  161.149898][ T6934]  ? __pfx_workingset_update_node+0x10/0x10
[  161.149947][ T6934]  ? get_vma_policy+0x242/0x3c0
[  161.149970][ T6934]  swapin_readahead+0x13a/0xd60
[  161.150006][ T6934]  ? __pfx_swapin_readahead+0x10/0x10
[  161.150032][ T6934]  ? __filemap_get_folio+0x32b/0xc30
[  161.150058][ T6934]  ? swap_cache_get_folio+0x1df/0x450
[  161.150086][ T6934]  ? __pfx_swap_cache_get_folio+0x10/0x10
[  161.150110][ T6934]  ? __pfx_get_swap_device+0x10/0x10
[  161.150141][ T6934]  ? do_swap_page+0x125/0x65c0
[  161.150167][ T6934]  do_swap_page+0x635/0x65c0
[  161.150192][ T6934]  ? __lock_acquire+0x622/0x1c90
[  161.150220][ T6934]  ? __pfx_do_swap_page+0x10/0x10
[  161.150245][ T6934]  ? __pfx_default_wake_function+0x10/0x10
[  161.150273][ T6934]  ? __lock_acquire+0xb8a/0x1c90
[  161.150293][ T6934]  ? rcu_is_watching+0x12/0xc0
[  161.150317][ T6934]  ? ___pte_offset_map+0x1d5/0x570
[  161.150344][ T6934]  __handle_mm_fault+0x162f/0x5490
[  161.150378][ T6934]  ? __pfx___handle_mm_fault+0x10/0x10
[  161.150403][ T6934]  ? __pte_offset_map_lock+0x174/0x310
[  161.150424][ T6934]  ? find_held_lock+0x2b/0x80
[  161.150447][ T6934]  ? find_held_lock+0x2b/0x80
[  161.150478][ T6934]  ? follow_page_pte+0x3af/0x14c0
[  161.150509][ T6934]  handle_mm_fault+0x589/0xd10
[  161.150541][ T6934]  __get_user_pages+0x589/0x3b80
[  161.150573][ T6934]  ? __pfx_mt_find+0x10/0x10
[  161.150595][ T6934]  ? __pfx___get_user_pages+0x10/0x10
[  161.150629][ T6934]  populate_vma_page_range+0x278/0x3a0
[  161.150655][ T6934]  ? __pfx_populate_vma_page_range+0x10/0x10
[  161.150678][ T6934]  ? __pfx_find_vma_intersection+0x10/0x10
[  161.150702][ T6934]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[  161.150735][ T6934]  __mm_populate+0x1d8/0x380
[  161.150760][ T6934]  ? __pfx___mm_populate+0x10/0x10
[  161.150787][ T6934]  ? up_write+0x1b2/0x520
[  161.150811][ T6934]  do_mlock+0x448/0x810
[  161.150843][ T6934]  ? __fget_files+0x20e/0x3c0
[  161.150862][ T6934]  ? __pfx_do_mlock+0x10/0x10
[  161.150896][ T6934]  ? fput+0x70/0xf0
[  161.150916][ T6934]  ? ksys_write+0x1ac/0x250
[  161.150944][ T6934]  ? __pfx_ksys_write+0x10/0x10
[  161.150978][ T6934]  __x64_sys_mlock+0x59/0x80
[  161.151005][ T6934]  do_syscall_64+0xcd/0x4c0
[  161.151028][ T6934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.151048][ T6934] RIP: 0033:0x7f7782f8e9a9
[  161.151066][ T6934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.151084][ T6934] RSP: 002b:00007f7783e3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  161.151103][ T6934] RAX: ffffffffffffffda RBX: 00007f77831b6160 RCX: 00007f7782f8e9a9
[  161.151117][ T6934] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000
[  161.151129][ T6934] RBP: 00007f7783e3c090 R08: 0000000000000000 R09: 0000000000000000
[  161.151141][ T6934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.151153][ T6934] R13: 0000000000000000 R14: 00007f77831b6160 R15: 00007ffe920ffc18
[  161.151181][ T6934]  </TASK>
[  161.959407][ T5830] Bluetooth: hci4: command 0x0405 tx timeout
[  163.308710][ T6943] capability: warning: `syz.3.277' uses deprecated v2 capabilities in a way that may be insecure
[  163.405608][ T6945] FAULT_INJECTION: forcing a failure.
[  163.405608][ T6945] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.488426][ T6945] CPU: 0 UID: 0 PID: 6945 Comm: syz.2.278 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  163.488456][ T6945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  163.488468][ T6945] Call Trace:
[  163.488474][ T6945]  <TASK>
[  163.488482][ T6945]  dump_stack_lvl+0x16c/0x1f0
[  163.488506][ T6945]  should_fail_ex+0x512/0x640
[  163.488539][ T6945]  _copy_from_user+0x2e/0xd0
[  163.488559][ T6945]  copy_msghdr_from_user+0x98/0x160
[  163.488579][ T6945]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  163.488602][ T6945]  ? kfree+0x24f/0x4d0
[  163.488625][ T6945]  ? __pfx__kstrtoull+0x10/0x10
[  163.488654][ T6945]  ___sys_sendmsg+0xfe/0x1d0
[  163.488675][ T6945]  ? __pfx____sys_sendmsg+0x10/0x10
[  163.488716][ T6945]  ? __pfx___might_resched+0x10/0x10
[  163.488747][ T6945]  __sys_sendmmsg+0x200/0x420
[  163.488770][ T6945]  ? __pfx___sys_sendmmsg+0x10/0x10
[  163.488798][ T6945]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  163.488831][ T6945]  ? fput+0x70/0xf0
[  163.488851][ T6945]  ? ksys_write+0x1ac/0x250
[  163.488877][ T6945]  ? __pfx_ksys_write+0x10/0x10
[  163.488908][ T6945]  __x64_sys_sendmmsg+0x9c/0x100
[  163.488926][ T6945]  ? lockdep_hardirqs_on+0x7c/0x110
[  163.488961][ T6945]  do_syscall_64+0xcd/0x4c0
[  163.488982][ T6945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.489001][ T6945] RIP: 0033:0x7ff09f18e9a9
[  163.489018][ T6945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.489035][ T6945] RSP: 002b:00007ff0a004e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  163.489053][ T6945] RAX: ffffffffffffffda RBX: 00007ff09f3b5fa0 RCX: 00007ff09f18e9a9
[  163.489066][ T6945] RDX: 0000000000000002 RSI: 0000200000000280 RDI: 0000000000000003
[  163.489078][ T6945] RBP: 00007ff0a004e090 R08: 0000000000000000 R09: 0000000000000000
[  163.489090][ T6945] R10: 0000000020004086 R11: 0000000000000246 R12: 0000000000000001
[  163.489102][ T6945] R13: 0000000000000000 R14: 00007ff09f3b5fa0 R15: 00007ffd1cc91098
[  163.489128][ T6945]  </TASK>
[  164.117496][   T30] kauditd_printk_skb: 106 callbacks suppressed
[  164.117513][   T30] audit: type=1326 audit(1753396841.004:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.187723][   T30] audit: type=1326 audit(1753396841.034:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.216212][  T974] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  164.273151][   T30] audit: type=1326 audit(1753396841.034:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.319095][   T30] audit: type=1326 audit(1753396841.034:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.396685][  T974] usb 4-1: Using ep0 maxpacket: 16
[  164.406956][  T974] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  164.421496][  T974] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  164.432294][  T974] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 32
[  164.448701][   T30] audit: type=1326 audit(1753396841.034:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.485163][  T974] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  164.494782][  T974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.529975][  T974] usb 4-1: Product: 솒ꪥ융②렜㇩甀痊岒呺뙭⓬駋䶹觌侚埊ូ뗱Σ焹띑订ﵠ㓉৉暪ᚆ郠﮼ぷ⠀
[  164.533765][   T30] audit: type=1326 audit(1753396841.044:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.574791][  T974] usb 4-1: Manufacturer: 英Ề阂聱ꓛ丅푒御䀣഼蠀馟蝤ϜҼ繮Ở쉲❵華뷳䥌ጵ䝋Ⱙ☗퍍ࣝ䣚鴕왁ᯄ渵꧟。ザ煳⤓䈪掎ḑ쵦퀹䂺葴ू䂑ͳ㯌㗙晪艪灨㇃틎▰滲稼W煹浶剅䱚杵ꠢ憣ḕ䖯凥훇
[  164.615285][  T974] usb 4-1: SerialNumber: В
[  164.676148][   T30] audit: type=1326 audit(1753396841.044:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.701547][   T30] audit: type=1326 audit(1753396841.044:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.724931][   T30] audit: type=1326 audit(1753396841.044:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.820444][ T6957] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  164.835476][   T30] audit: type=1326 audit(1753396841.044:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.1.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7782f8e9a9 code=0x7ffc0000
[  164.870259][ T6957] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  166.917994][  T974] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  166.935652][  T974] usb 4-1: USB disconnect, device number 5
[  167.481012][  T974] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  167.938312][  T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  167.953772][  T974] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  168.024407][  T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.078621][  T974] usb 5-1: config 0 descriptor??
[  168.500924][  T974] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor
[  168.718917][ T6985] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.030638][ T6985] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.054852][ T7009] netlink: 12 bytes leftover after parsing attributes in process `syz.1.295'.
[  169.106531][  T974] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0003/input/input9
[  169.319319][  T974] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  169.357053][ T7009] IPVS: persistence engine module ip_vs_pe_   not found
[  169.517722][ T7016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.297'.
[  169.536001][  T974] usb 5-1: USB disconnect, device number 5
[  169.549892][ T7013] wireguard0: entered promiscuous mode
[  169.563899][ T7013] wireguard0: entered allmulticast mode
[  169.806618][ T5837] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  169.825759][ T7020] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  170.186239][ T5837] usb 3-1: Using ep0 maxpacket: 32
[  170.258217][ T5837] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  170.269360][ T5837] usb 3-1: config 0 has no interface number 0
[  170.285355][ T5837] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  170.296776][ T5837] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.343426][ T5837] usb 3-1: Product: syz
[  170.352639][ T5837] usb 3-1: Manufacturer: syz
[  170.360131][ T5837] usb 3-1: SerialNumber: syz
[  170.367171][ T5837] usb 3-1: config 0 descriptor??
[  170.384055][ T5837] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  170.396553][ T5837] usb 3-1: selecting invalid altsetting 1
[  170.402560][ T5837] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  170.417562][ T5837] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  170.429844][ T5837] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  170.442901][ T5837] usb 3-1: media controller created
[  170.471280][ T5837] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  170.605327][ T5837] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  170.657083][ T5837] zl10353_read_register: readreg error (reg=127, ret==-71)
[  170.679786][ T5837] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  171.131953][ T5837] usb 3-1: USB disconnect, device number 6
[  172.617388][    C0] Unknown status report in ack skb
[  172.636543][ T7044] veth0: entered promiscuous mode
[  172.679345][ T7043] veth0: left promiscuous mode
[  173.088810][  T974] usb 2-1: new low-speed USB device number 13 using dummy_hcd
[  173.692855][   T30] kauditd_printk_skb: 107 callbacks suppressed
[  173.692871][   T30] audit: type=1400 audit(1753396850.574:692): avc:  denied  { relabelfrom } for  pid=7054 comm="syz.4.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  173.719215][   T30] audit: type=1400 audit(1753396850.574:693): avc:  denied  { relabelto } for  pid=7054 comm="syz.4.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  173.739355][   T30] audit: type=1400 audit(1753396850.574:694): avc:  denied  { attach_queue } for  pid=7054 comm="syz.4.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  173.767310][  T974] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  173.775703][  T974] usb 2-1: config 0 has no interface number 0
[  173.782668][  T974] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  173.794791][  T974] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 9, setting to 8
[  173.816437][  T974] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  173.831541][  T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.849640][  T974] usb 2-1: config 0 descriptor??
[  173.855628][ T7050] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  173.965843][  T974] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  174.182086][ T7069] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  174.366513][    C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1
[  174.382763][ T5945] usb 2-1: USB disconnect, device number 13
[  174.577029][ T7076] netlink: 12 bytes leftover after parsing attributes in process `syz.0.312'.
[  175.166417][   T30] audit: type=1400 audit(1753396851.534:695): avc:  denied  { create } for  pid=7078 comm="syz.3.313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  175.313451][   T30] audit: type=1400 audit(1753396852.194:696): avc:  denied  { connect } for  pid=7078 comm="syz.3.313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  176.059928][   T30] audit: type=1326 audit(1753396852.944:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7091 comm="syz.1.315" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7782f8e9a9 code=0x0
[  176.315976][ T5945] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  176.465991][ T5945] usb 5-1: Using ep0 maxpacket: 8
[  176.479935][ T5945] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 17
[  176.498277][ T5945] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07
[  176.508701][ T5945] usb 5-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60
[  176.529694][ T5945] usb 5-1: Product: syz
[  176.546191][ T5945] usb 5-1: Manufacturer: syz
[  176.556274][ T5945] usb 5-1: SerialNumber: syz
[  176.578681][ T5945] usb 5-1: config 0 descriptor??
[  176.901990][ T5945] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  176.918408][ T5945] gspca_sunplus: reg_w_riv err -71
[  176.923766][ T5945] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  177.109074][   T30] audit: type=1400 audit(1753396853.884:698): avc:  denied  { read } for  pid=7097 comm="syz.3.316" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  177.322019][ T5945] usb 5-1: USB disconnect, device number 6
[  177.458249][   T30] audit: type=1400 audit(1753396853.884:699): avc:  denied  { open } for  pid=7097 comm="syz.3.316" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  177.489384][   T30] audit: type=1400 audit(1753396853.894:700): avc:  denied  { ioctl } for  pid=7097 comm="syz.3.316" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  177.713251][   T30] audit: type=1400 audit(1753396854.594:701): avc:  denied  { ioctl } for  pid=7101 comm="syz.1.318" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  178.765217][ T7111] dvmrp0: entered allmulticast mode
[  180.019964][ T7130] FAULT_INJECTION: forcing a failure.
[  180.019964][ T7130] name failslab, interval 1, probability 0, space 0, times 0
[  180.094957][ T7130] CPU: 0 UID: 0 PID: 7130 Comm: syz.1.325 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  180.094988][ T7130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  180.095013][ T7130] Call Trace:
[  180.095020][ T7130]  <TASK>
[  180.095028][ T7130]  dump_stack_lvl+0x16c/0x1f0
[  180.095051][ T7130]  should_fail_ex+0x512/0x640
[  180.095080][ T7130]  ? fs_reclaim_acquire+0xae/0x150
[  180.095105][ T7130]  ? tomoyo_encode2+0x100/0x3e0
[  180.095123][ T7130]  should_failslab+0xc2/0x120
[  180.095142][ T7130]  __kmalloc_noprof+0xd2/0x510
[  180.095170][ T7130]  ? d_absolute_path+0x136/0x1a0
[  180.095199][ T7130]  tomoyo_encode2+0x100/0x3e0
[  180.095222][ T7130]  tomoyo_encode+0x29/0x50
[  180.095240][ T7130]  tomoyo_realpath_from_path+0x18f/0x6e0
[  180.095268][ T7130]  tomoyo_path_number_perm+0x245/0x580
[  180.095295][ T7130]  ? tomoyo_path_number_perm+0x237/0x580
[  180.095325][ T7130]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  180.095354][ T7130]  ? find_held_lock+0x2b/0x80
[  180.095410][ T7130]  ? find_held_lock+0x2b/0x80
[  180.095433][ T7130]  ? hook_file_ioctl_common+0x145/0x410
[  180.095472][ T7130]  ? __fget_files+0x20e/0x3c0
[  180.095496][ T7130]  security_file_ioctl+0x9b/0x240
[  180.095517][ T7130]  __x64_sys_ioctl+0xb7/0x210
[  180.095545][ T7130]  do_syscall_64+0xcd/0x4c0
[  180.095566][ T7130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.095586][ T7130] RIP: 0033:0x7f7782f8e9a9
[  180.095602][ T7130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.095620][ T7130] RSP: 002b:00007f7783e7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  180.095639][ T7130] RAX: ffffffffffffffda RBX: 00007f77831b5fa0 RCX: 00007f7782f8e9a9
[  180.095656][ T7130] RDX: 0000200000000800 RSI: 00000000c0205648 RDI: 0000000000000003
[  180.095668][ T7130] RBP: 00007f7783e7e090 R08: 0000000000000000 R09: 0000000000000000
[  180.095680][ T7130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  180.095691][ T7130] R13: 0000000000000000 R14: 00007f77831b5fa0 R15: 00007ffe920ffc18
[  180.095717][ T7130]  </TASK>
[  180.095735][ T7130] ERROR: Out of memory at tomoyo_realpath_from_path.
[  180.832021][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  180.832037][   T30] audit: type=1326 audit(1753396857.704:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7142 comm="syz.2.329" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x0
[  180.975931][ T7150] FAULT_INJECTION: forcing a failure.
[  180.975931][ T7150] name failslab, interval 1, probability 0, space 0, times 0
[  181.001929][ T7150] CPU: 1 UID: 0 PID: 7150 Comm: syz.4.333 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  181.001958][ T7150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  181.001969][ T7150] Call Trace:
[  181.001975][ T7150]  <TASK>
[  181.001983][ T7150]  dump_stack_lvl+0x16c/0x1f0
[  181.002007][ T7150]  should_fail_ex+0x512/0x640
[  181.002034][ T7150]  ? fs_reclaim_acquire+0xae/0x150
[  181.002077][ T7150]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  181.002097][ T7150]  should_failslab+0xc2/0x120
[  181.002116][ T7150]  __kmalloc_noprof+0xd2/0x510
[  181.002152][ T7150]  tomoyo_realpath_from_path+0xc2/0x6e0
[  181.002175][ T7150]  ? tomoyo_profile+0x47/0x60
[  181.002200][ T7150]  tomoyo_path_number_perm+0x245/0x580
[  181.002225][ T7150]  ? tomoyo_path_number_perm+0x237/0x580
[  181.002254][ T7150]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  181.002283][ T7150]  ? find_held_lock+0x2b/0x80
[  181.002335][ T7150]  ? find_held_lock+0x2b/0x80
[  181.002358][ T7150]  ? hook_file_ioctl_common+0x145/0x410
[  181.002388][ T7150]  ? __fget_files+0x20e/0x3c0
[  181.002411][ T7150]  security_file_ioctl+0x9b/0x240
[  181.002433][ T7150]  __x64_sys_ioctl+0xb7/0x210
[  181.002461][ T7150]  do_syscall_64+0xcd/0x4c0
[  181.002483][ T7150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.002504][ T7150] RIP: 0033:0x7f943498e9a9
[  181.002521][ T7150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.002539][ T7150] RSP: 002b:00007f9435815038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  181.002558][ T7150] RAX: ffffffffffffffda RBX: 00007f9434bb5fa0 RCX: 00007f943498e9a9
[  181.002571][ T7150] RDX: 00002000000005c0 RSI: 00000000c038563c RDI: 0000000000000003
[  181.002583][ T7150] RBP: 00007f9435815090 R08: 0000000000000000 R09: 0000000000000000
[  181.002595][ T7150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  181.002607][ T7150] R13: 0000000000000000 R14: 00007f9434bb5fa0 R15: 00007ffd568816c8
[  181.002636][ T7150]  </TASK>
[  181.002649][ T7150] ERROR: Out of memory at tomoyo_realpath_from_path.
[  181.237824][ T7152] wireguard1: entered promiscuous mode
[  181.252125][ T7152] wireguard1: entered allmulticast mode
[  181.389942][   T30] audit: type=1400 audit(1753396858.274:707): avc:  denied  { read } for  pid=7159 comm="syz.4.336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  181.412255][ T7162] netlink: 256 bytes leftover after parsing attributes in process `syz.1.337'.
[  181.874203][ T7169] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  181.897384][ T7169] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  181.903711][ T7169] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  181.910264][ T7169] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  181.916695][ T7169] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  182.834767][ T7179] FAULT_INJECTION: forcing a failure.
[  182.834767][ T7179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.879736][ T7179] CPU: 1 UID: 0 PID: 7179 Comm: syz.1.341 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  182.879766][ T7179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  182.879778][ T7179] Call Trace:
[  182.879785][ T7179]  <TASK>
[  182.879793][ T7179]  dump_stack_lvl+0x16c/0x1f0
[  182.879819][ T7179]  should_fail_ex+0x512/0x640
[  182.879854][ T7179]  _copy_to_user+0x32/0xd0
[  182.879876][ T7179]  simple_read_from_buffer+0xcb/0x170
[  182.879907][ T7179]  proc_fail_nth_read+0x197/0x270
[  182.879933][ T7179]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  182.879959][ T7179]  ? rw_verify_area+0xcf/0x680
[  182.879984][ T7179]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  182.880008][ T7179]  vfs_read+0x1e1/0xc60
[  182.880037][ T7179]  ? __pfx___mutex_lock+0x10/0x10
[  182.880054][ T7179]  ? __pfx_vfs_read+0x10/0x10
[  182.880089][ T7179]  ? __fget_files+0x20e/0x3c0
[  182.880114][ T7179]  ksys_read+0x12a/0x250
[  182.880139][ T7179]  ? __pfx_ksys_read+0x10/0x10
[  182.880181][ T7179]  do_syscall_64+0xcd/0x4c0
[  182.880202][ T7179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.880222][ T7179] RIP: 0033:0x7f7782f8d3bc
[  182.880238][ T7179] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  182.880255][ T7179] RSP: 002b:00007f7783e7e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  182.880274][ T7179] RAX: ffffffffffffffda RBX: 00007f77831b5fa0 RCX: 00007f7782f8d3bc
[  182.880286][ T7179] RDX: 000000000000000f RSI: 00007f7783e7e0a0 RDI: 0000000000000003
[  182.880298][ T7179] RBP: 00007f7783e7e090 R08: 0000000000000000 R09: 0000000000000000
[  182.880309][ T7179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.880320][ T7179] R13: 0000000000000000 R14: 00007f77831b5fa0 R15: 00007ffe920ffc18
[  182.880346][ T7179]  </TASK>
[  183.067021][    C1] vkms_vblank_simulate: vblank timer overrun
[  183.612386][ T7189] xt_nfacct: accounting object `syz1' does not exists
[  183.623117][ T7189] netlink: 'syz.2.343': attribute type 4 has an invalid length.
[  183.630913][ T7189] netlink: 17 bytes leftover after parsing attributes in process `syz.2.343'.
[  183.921876][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout
[  183.955932][ T7191] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  183.978214][ T5154] Bluetooth: hci4: command 0x0405 tx timeout
[  183.978245][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout
[  183.984370][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout
[  183.990470][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout
[  184.131637][ T7193] netlink: 'syz.1.344': attribute type 9 has an invalid length.
[  184.297945][   T30] audit: type=1400 audit(1753396861.174:708): avc:  denied  { mount } for  pid=7192 comm="syz.1.344" name="/" dev="ramfs" ino=13945 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  184.332304][ T7193] netlink: 256 bytes leftover after parsing attributes in process `syz.1.344'.
[  184.412657][ T7193] unsupported nlmsg_type 40
[  185.184934][   T30] audit: type=1400 audit(1753396861.574:709): avc:  denied  { getopt } for  pid=7198 comm="syz.0.347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  185.493363][ T7205] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  185.541729][   T30] audit: type=1326 audit(1753396862.424:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.349" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x0
[  185.685292][   T30] audit: type=1326 audit(1753396862.564:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  185.719326][   T30] audit: type=1326 audit(1753396862.574:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  185.913020][   T30] audit: type=1326 audit(1753396862.574:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  186.203021][   T30] audit: type=1326 audit(1753396862.574:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  186.304564][   T30] audit: type=1326 audit(1753396862.574:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  186.402727][   T30] audit: type=1326 audit(1753396862.574:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  186.518273][ T7231] syz.1.354: attempt to access beyond end of device
[  186.518273][ T7231] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  186.720838][   T30] audit: type=1326 audit(1753396862.574:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  186.899807][ T7236] xt_nfacct: accounting object `syz1' does not exists
[  186.916631][ T7236] netlink: 'syz.0.357': attribute type 4 has an invalid length.
[  186.924388][ T7236] netlink: 17 bytes leftover after parsing attributes in process `syz.0.357'.
[  187.319092][ T7238] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  187.400493][   T30] audit: type=1326 audit(1753396862.574:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  187.483712][   T30] audit: type=1326 audit(1753396862.574:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  187.624636][   T30] audit: type=1326 audit(1753396862.574:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  187.746092][   T30] audit: type=1326 audit(1753396862.574:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x7ffc0000
[  187.868888][   T30] audit: type=1326 audit(1753396862.574:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7214 comm="syz.2.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff09f18d310 code=0x7ffc0000
[  187.979758][ T7255] syz.4.361: attempt to access beyond end of device
[  187.979758][ T7255] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  187.993010][ T7255] efs: cannot read volume header
[  188.229900][    C0] wlan1: beacon TX faster than countdown (channel/color switch) completion
[  188.422215][ T7254] netlink: 5364 bytes leftover after parsing attributes in process `syz.4.361'.
[  188.918119][ T7277] tipc: Started in network mode
[  188.943391][ T7277] tipc: Node identity c2c34b2136e9, cluster identity 4711
[  188.987871][ T7277] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  189.008124][ T7282] syzkaller0: entered promiscuous mode
[  189.013637][ T7282] syzkaller0: entered allmulticast mode
[  189.039729][ T7277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.370'.
[  189.121207][ T7277] tipc: Resetting bearer <eth:syzkaller0>
[  189.149397][ T7276] tipc: Resetting bearer <eth:syzkaller0>
[  189.156402][   T44] usb 4-1: new low-speed USB device number 6 using dummy_hcd
[  189.193803][ T7276] tipc: Disabling bearer <eth:syzkaller0>
[  189.844976][   T44] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  190.303749][   T44] usb 4-1: string descriptor 0 read error: -22
[  190.343314][   T44] usb 4-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[  190.359858][ T7299] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  191.186001][   T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.238259][   T30] kauditd_printk_skb: 63 callbacks suppressed
[  192.238276][   T30] audit: type=1400 audit(1753396869.124:786): avc:  denied  { name_bind } for  pid=7293 comm="syz.0.374" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  192.271122][ T7297] 9pnet_fd: Insufficient options for proto=fd
[  192.280288][   T44] usb 4-1: USB disconnect, device number 6
[  192.610775][ T7315] netlink: 'syz.0.382': attribute type 1 has an invalid length.
[  192.636122][   T24] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  192.964572][   T24] usb 2-1: config 3 has an invalid interface number: 61 but max is 0
[  193.003384][   T24] usb 2-1: config 3 has no interface number 0
[  193.013252][   T24] usb 2-1: config 3 interface 61 has no altsetting 0
[  193.034252][   T24] usb 2-1: string descriptor 0 read error: -22
[  193.061646][   T24] usb 2-1: New USB device found, idVendor=0499, idProduct=101a, bcdDevice=44.26
[  193.097216][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.122511][   T24] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  193.349429][   T24] snd-usb-audio 2-1:3.61: probe with driver snd-usb-audio failed with error -2
[  193.404904][   T24] usb 2-1: USB disconnect, device number 14
[  193.484229][ T7325] loop6: detected capacity change from 0 to 64
[  194.065128][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  194.071996][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  194.756080][   T30] audit: type=1400 audit(1753396871.634:787): avc:  denied  { mount } for  pid=7331 comm="syz.2.387" name="/" dev="autofs" ino=15378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  194.797516][ T7333] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  194.825819][ T7339] netlink: 4 bytes leftover after parsing attributes in process `syz.4.377'.
[  194.825994][ T7333] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  194.891507][ T7333] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  195.099995][   T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  195.387152][   T24] usb 5-1: Using ep0 maxpacket: 32
[  195.667634][   T24] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  195.667702][   T24] usb 5-1: config 0 has no interface number 0
[  195.881659][   T24] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  195.957838][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.009318][   T24] usb 5-1: Product: syz
[  196.022712][   T24] usb 5-1: Manufacturer: syz
[  196.036135][   T24] usb 5-1: SerialNumber: syz
[  196.203773][   T24] usb 5-1: config 0 descriptor??
[  196.374169][   T24] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  196.417623][   T24] usb 5-1: selecting invalid altsetting 1
[  196.457920][   T24] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  196.472307][  T974] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  196.536535][   T24] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  196.645055][   T24] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  196.747397][   T24] usb 5-1: media controller created
[  196.794668][  T974] usb 3-1: Using ep0 maxpacket: 16
[  196.911125][  T974] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  196.996940][  T974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  197.095844][  T974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  197.131428][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  197.187134][  T974] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  197.264573][  T974] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  197.411712][  T974] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  197.479123][  T974] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  197.495833][   T24] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  197.528391][   T24] zl10353_read_register: readreg error (reg=127, ret==-71)
[  197.558418][  T974] usb 3-1: Manufacturer: syz
[  197.586045][   T24] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  197.708056][  T974] usb 3-1: config 0 descriptor??
[  198.096439][  T974] usb 3-1: can't set config #0, error -71
[  198.114216][   T30] audit: type=1400 audit(1753396874.974:788): avc:  denied  { unmount } for  pid=5832 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  198.177858][  T974] usb 3-1: USB disconnect, device number 7
[  198.293833][   T24] usb 5-1: USB disconnect, device number 7
[  198.405975][ T7352] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  199.298690][   T30] audit: type=1400 audit(1753396876.174:789): avc:  denied  { getopt } for  pid=7354 comm="syz.2.391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  200.438926][   T30] audit: type=1400 audit(1753396876.534:790): avc:  denied  { execute } for  pid=7350 comm="syz.1.392" path="/86/file0" dev="tmpfs" ino=467 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  200.492963][   T30] audit: type=1804 audit(1753396876.534:791): pid=7365 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.392" name="/newroot/86/file0" dev="tmpfs" ino=467 res=1 errno=0
[  202.216179][   T30] audit: type=1400 audit(1753396879.094:792): avc:  denied  { map } for  pid=7381 comm="syz.0.400" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  202.666857][   T30] audit: type=1400 audit(1753396879.094:793): avc:  denied  { execute } for  pid=7381 comm="syz.0.400" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  203.796107][   T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  203.820329][   T30] audit: type=1400 audit(1753396880.684:794): avc:  denied  { connect } for  pid=7379 comm="syz.3.398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  203.944766][   T30] audit: type=1400 audit(1753396880.734:795): avc:  denied  { setopt } for  pid=7379 comm="syz.3.398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  204.046846][   T24] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  204.079599][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.118287][   T24] usb 3-1: Product: syz
[  204.148618][   T24] usb 3-1: Manufacturer: syz
[  204.153258][   T24] usb 3-1: SerialNumber: syz
[  204.213110][   T24] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  204.233286][   T30] audit: type=1400 audit(1753396881.114:796): avc:  denied  { firmware_load } for  pid=974 comm="kworker/1:2" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  204.388061][  T974] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  204.543151][ T7405] syz.4.399: attempt to access beyond end of device
[  204.543151][ T7405] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  204.557070][ T7405] efs: cannot read volume header
[  204.660586][ T7406] netlink: 5364 bytes leftover after parsing attributes in process `syz.4.399'.
[  205.178254][ T7408] netlink: 10 bytes leftover after parsing attributes in process `syz.1.404'.
[  205.525970][  T974] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  205.533625][  T974] ath9k_htc: Failed to initialize the device
[  205.631365][  T974] usb 3-1: ath9k_htc: USB layer deinitialized
[  205.667185][ T7397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  205.698029][ T7397] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  205.896374][ T5835] Bluetooth: hci4: command 0x0405 tx timeout
[  205.923545][   T30] audit: type=1400 audit(1753396882.804:797): avc:  denied  { create } for  pid=7392 comm="syz.2.402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  206.480330][ T5886] usb 3-1: USB disconnect, device number 8
[  209.115924][   T30] audit: type=1400 audit(1753396885.994:798): avc:  denied  { write } for  pid=7438 comm="syz.4.414" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  209.216471][   T30] audit: type=1400 audit(1753396886.064:799): avc:  denied  { bind } for  pid=7438 comm="syz.4.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  209.243925][   T30] audit: type=1400 audit(1753396886.064:800): avc:  denied  { getopt } for  pid=7438 comm="syz.4.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  210.258725][ T7451] netlink: 10 bytes leftover after parsing attributes in process `syz.4.418'.
[  210.404821][ T7449] tipc: Started in network mode
[  210.410374][ T7449] tipc: Node identity 080211000001, cluster identity 4711
[  210.425397][ T7449] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  210.674284][   T30] audit: type=1400 audit(1753396887.544:801): avc:  denied  { getopt } for  pid=7456 comm="syz.4.420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  211.537378][ T5918] tipc: Node number set to 134418688
[  214.567042][ T7489] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=58 sclass=netlink_tcpdiag_socket pid=7489 comm=syz.4.430
[  214.631638][ T7493] netlink: 10 bytes leftover after parsing attributes in process `syz.3.431'.
[  214.842659][   T30] audit: type=1326 audit(1753396891.724:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7497 comm="syz.4.432" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x0
[  215.089056][ T7496] syz.2.429: attempt to access beyond end of device
[  215.089056][ T7496] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  218.553800][ T7534] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[  218.577204][ T7534] trusted_key: encrypted_key: master key parameter 'deK�+$fault' is invalid
[  218.600118][ T7534] sctp: [Deprecated]: syz.4.439 (pid 7534) Use of int in max_burst socket option deprecated.
[  218.600118][ T7534] Use struct sctp_assoc_value instead
[  218.616901][   T30] audit: type=1400 audit(1753396895.454:803): avc:  denied  { relabelto } for  pid=7526 comm="syz.4.439" name="file0" dev="tmpfs" ino=499 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  218.744166][   T30] audit: type=1400 audit(1753396895.454:804): avc:  denied  { associate } for  pid=7526 comm="syz.4.439" name="file0" dev="tmpfs" ino=499 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0"
[  218.975490][   T30] audit: type=1400 audit(1753396895.854:805): avc:  denied  { read } for  pid=7539 comm="syz.1.445" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  219.036817][   T30] audit: type=1400 audit(1753396895.924:806): avc:  denied  { write } for  pid=7539 comm="syz.1.445" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  220.138706][ T7553] syz.1.448: attempt to access beyond end of device
[  220.138706][ T7553] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  220.239080][   T30] audit: type=1326 audit(1753396897.124:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  220.300960][   T30] audit: type=1326 audit(1753396897.144:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  220.324153][    C1] vkms_vblank_simulate: vblank timer overrun
[  220.430530][   T30] audit: type=1326 audit(1753396897.144:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  220.453819][    C1] vkms_vblank_simulate: vblank timer overrun
[  221.072389][   T30] audit: type=1326 audit(1753396897.144:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  221.233138][   T30] audit: type=1326 audit(1753396897.144:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  221.256376][    C1] vkms_vblank_simulate: vblank timer overrun
[  221.615846][   T30] audit: type=1326 audit(1753396897.144:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  221.639116][    C1] vkms_vblank_simulate: vblank timer overrun
[  222.411773][   T30] audit: type=1326 audit(1753396897.144:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  222.496398][   T30] audit: type=1326 audit(1753396897.144:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  222.521766][   T30] audit: type=1326 audit(1753396897.144:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  222.547469][   T30] audit: type=1326 audit(1753396897.144:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  224.376814][ T5837] usb 4-1: new low-speed USB device number 7 using dummy_hcd
[  224.872403][ T5837] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  224.907184][ T5837] usb 4-1: config 0 has no interface number 0
[  224.919622][ T5837] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  224.931571][ T5837] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 9, setting to 8
[  224.953128][ T5837] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  224.964071][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.980114][ T5837] usb 4-1: config 0 descriptor??
[  224.991433][ T7591] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  225.015222][ T5837] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  225.223129][ T7603] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  225.631294][   T44] usb 4-1: USB disconnect, device number 7
[  225.840058][ T7615] netlink: 12 bytes leftover after parsing attributes in process `syz.1.465'.
[  225.970087][   T30] kauditd_printk_skb: 63 callbacks suppressed
[  225.970104][   T30] audit: type=1400 audit(1753396902.854:880): avc:  denied  { connect } for  pid=7618 comm="syz.4.468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  226.009387][ T7615] IPVS: persistence engine module ip_vs_pe_   not found
[  226.479218][   T44] libceph: connect (1)[c::]:6789 error -101
[  226.526377][   T44] libceph: mon0 (1)[c::]:6789 connect error
[  226.841648][   T44] libceph: connect (1)[c::]:6789 error -101
[  226.858390][   T44] libceph: mon0 (1)[c::]:6789 connect error
[  227.439354][ T7623] ceph: No mds server is up or the cluster is laggy
[  227.455388][   T44] libceph: connect (1)[c::]:6789 error -101
[  227.512068][   T44] libceph: mon0 (1)[c::]:6789 connect error
[  227.968504][ T7642] netlink: 1004 bytes leftover after parsing attributes in process `syz.2.474'.
[  227.968534][ T5830] Bluetooth: hci2: unknown advertising packet type: 0xff
[  227.979003][ T5830] Bluetooth: hci2: unknown advertising packet type: 0x30
[  229.452003][   T30] audit: type=1400 audit(1753396906.324:881): avc:  denied  { bind } for  pid=7658 comm="syz.2.478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  229.680889][ T7669] netlink: 'syz.1.477': attribute type 4 has an invalid length.
[  229.688662][ T7669] netlink: 17 bytes leftover after parsing attributes in process `syz.1.477'.
[  230.570785][   T30] audit: type=1400 audit(1753396907.454:882): avc:  denied  { write } for  pid=7673 comm="syz.4.483" name="sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  231.069776][ T7679] bond0: entered promiscuous mode
[  231.074854][ T7679] bond_slave_0: entered promiscuous mode
[  231.106424][ T7681] netlink: 44 bytes leftover after parsing attributes in process `syz.4.483'.
[  231.118601][ T7679] bond_slave_1: entered promiscuous mode
[  231.169408][ T7679] batadv0: entered promiscuous mode
[  231.308579][ T7679] 8021q: adding VLAN 0 to HW filter on device hsr1
[  232.241828][ T7693] netlink: 12 bytes leftover after parsing attributes in process `syz.4.487'.
[  232.493206][ T7693] IPVS: persistence engine module ip_vs_pe_   not found
[  235.295322][   T30] audit: type=1400 audit(1753396912.174:883): avc:  denied  { unmount } for  pid=5832 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  240.425167][ T7768] netlink: 8 bytes leftover after parsing attributes in process `syz.1.507'.
[  240.501398][ T7768] netlink: 24 bytes leftover after parsing attributes in process `syz.1.507'.
[  241.316997][   T30] audit: type=1400 audit(1753396918.194:884): avc:  denied  { name_bind 0x1000000 } for  pid=7783 comm="syz.2.513" path="socket:[17778]" dev="sockfs" ino=17778 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  241.342133][    C0] vkms_vblank_simulate: vblank timer overrun
[  242.651026][ T7797] syz.2.518: attempt to access beyond end of device
[  242.651026][ T7797] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  242.664373][ T7797] efs: cannot read volume header
[  243.258133][ T7800] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  244.142262][ T7796] netlink: 5364 bytes leftover after parsing attributes in process `syz.2.518'.
[  244.337613][ T7809] netlink: 10 bytes leftover after parsing attributes in process `syz.0.512'.
[  249.648128][ T7854] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  249.654252][ T7854] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  249.696257][ T7854] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  249.864269][ T7854] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  249.873104][ T7854] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  250.136381][ T5944] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  250.701428][ T5944] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.748711][ T5944] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  250.778659][ T5944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.808324][ T5944] usb 5-1: config 0 descriptor??
[  250.877247][   T30] audit: type=1326 audit(1753396927.764:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7885 comm="syz.2.537" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff09f18e9a9 code=0x0
[  251.736537][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout
[  251.748452][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout
[  251.748464][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout
[  251.782190][ T5944] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor
[  251.898186][ T5830] Bluetooth: hci4: command 0x0405 tx timeout
[  251.898194][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout
[  251.903443][ T5944] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0004/input/input10
[  251.913089][   T30] audit: type=1400 audit(1753396928.794:886): avc:  denied  { ioctl } for  pid=7892 comm="syz.2.539" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  251.963798][ T7874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  251.991168][ T7874] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  252.292181][ T7898] syz.2.541: attempt to access beyond end of device
[  252.292181][ T7898] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  252.341541][ T7898] efs: cannot read volume header
[  252.564595][ T5944] keytouch 0003:0926:3333.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  252.653293][ T5944] usb 5-1: USB disconnect, device number 8
[  252.659298][ T7897] netlink: 5364 bytes leftover after parsing attributes in process `syz.2.541'.
[  252.820630][ T7904] fido_id[7904]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  254.089061][ T7924] loop6: detected capacity change from 0 to 64
[  254.443211][ T5827] Buffer I/O error on dev loop6, logical block 4, async page read
[  255.501419][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  255.514166][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  255.829090][   T30] audit: type=1400 audit(1753396932.694:887): avc:  denied  { ioctl } for  pid=7936 comm="syz.3.551" path="socket:[17188]" dev="sockfs" ino=17188 ioctlcmd=0x8905 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  255.874653][ T7938] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  255.941192][ T7935] netlink: 8 bytes leftover after parsing attributes in process `syz.2.550'.
[  255.956430][ T7935] netlink: 24 bytes leftover after parsing attributes in process `syz.2.550'.
[  255.977747][ T7935] netlink: 8 bytes leftover after parsing attributes in process `syz.2.550'.
[  256.090620][ T7935] netlink: 24 bytes leftover after parsing attributes in process `syz.2.550'.
[  257.508784][ T7955] syz.0.552: attempt to access beyond end of device
[  257.508784][ T7955] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  257.522247][ T7955] efs: cannot read volume header
[  257.690274][ T7956] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.552'.
[  257.838803][   T30] audit: type=1326 audit(1753396934.724:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  257.912485][   T30] audit: type=1326 audit(1753396934.764:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  257.946113][   T30] audit: type=1326 audit(1753396934.784:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  257.980830][   T30] audit: type=1326 audit(1753396934.784:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  258.017005][   T30] audit: type=1326 audit(1753396934.784:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  258.216205][   T30] audit: type=1326 audit(1753396934.784:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  258.241682][   T30] audit: type=1326 audit(1753396934.784:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  258.802589][   T30] audit: type=1326 audit(1753396934.784:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  258.841022][   T30] audit: type=1326 audit(1753396934.784:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  259.266713][   T30] audit: type=1326 audit(1753396934.784:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7957 comm="syz.4.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  259.274259][ T5154] Bluetooth: hci4: command 0x0405 tx timeout
[  259.289929][    C0] vkms_vblank_simulate: vblank timer overrun
[  259.621048][ T7975] netlink: 'syz.2.560': attribute type 83 has an invalid length.
[  261.026467][ T5837] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  261.276001][ T5837] usb 5-1: Using ep0 maxpacket: 8
[  261.287665][ T5837] usb 5-1: config 0 has an invalid descriptor of length 78, skipping remainder of the config
[  261.321356][ T5837] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  261.371898][ T5837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  261.430312][ T5837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  261.443633][ T5837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 185, changing to 11
[  262.003166][ T5837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 57799, setting to 1024
[  262.014374][ T5837] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  262.030129][ T5837] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  262.039325][ T5837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.047762][ T5837] usb 5-1: Product: syz
[  262.052304][ T5837] usb 5-1: Manufacturer: syz
[  262.057517][ T5837] usb 5-1: SerialNumber: syz
[  262.068337][ T5837] usb 5-1: config 0 descriptor??
[  262.096343][ T7995] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  262.126049][ T5918] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  262.844321][ T7995] input: syz0 as /devices/virtual/input/input11
[  262.855950][ T5918] usb 4-1: Using ep0 maxpacket: 8
[  262.948935][   T30] kauditd_printk_skb: 143 callbacks suppressed
[  262.949373][   T30] audit: type=1326 audit(1753396939.834:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f768d58e5ab code=0x7ffc0000
[  262.985259][    C0] vkms_vblank_simulate: vblank timer overrun
[  262.992415][   T30] audit: type=1326 audit(1753396939.834:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f768d58e5ab code=0x7ffc0000
[  263.234078][ T5918] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  263.255761][ T5918] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  263.291607][   T30] audit: type=1326 audit(1753396940.104:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f768d58e5ab code=0x7ffc0000
[  263.371492][ T5918] usb 4-1: config 0 has no interface number 0
[  263.399552][ T5918] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  263.854768][   T30] audit: type=1326 audit(1753396940.114:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f768d58e5ab code=0x7ffc0000
[  263.878509][ T5918] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  263.912359][   T30] audit: type=1326 audit(1753396940.114:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f768d58e5ab code=0x7ffc0000
[  264.443137][   T30] audit: type=1326 audit(1753396940.114:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f768d58e5ab code=0x7ffc0000
[  264.466879][   T30] audit: type=1400 audit(1753396940.164:1047): avc:  denied  { write } for  pid=7994 comm="syz.4.565" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  264.504849][ T5918] usb 4-1: config 0 interface 52 has no altsetting 0
[  264.944699][ T5918] usb 4-1: string descriptor 0 read error: -71
[  264.953892][ T5918] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  264.966409][ T5837] rc_core: IR keymap rc-snapstream-firefly not found
[  264.973155][ T5837] Registered IR keymap rc-empty
[  265.001216][ T5918] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  265.014189][ T5837] rc rc0: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  265.061017][ T5918] usb 4-1: config 0 descriptor??
[  265.082073][ T5830] Bluetooth: hci3: unexpected event for opcode 0x0809
[  265.095609][ T5837] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input12
[  265.116585][ T5918] usb 4-1: can't set config #0, error -71
[  265.125007][ T5918] usb 4-1: USB disconnect, device number 8
[  265.143111][ T5837] input: syz syz mouse as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input13
[  265.186470][ T5837] usb 5-1: USB disconnect, device number 9
[  265.186537][    C0] ati_remote 5-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  266.638974][ T8046] input: syz0 as /devices/virtual/input/input14
[  266.648721][ T8046] input: failed to attach handler leds to device input14, error: -6
[  267.223137][ T8044] netlink: 16 bytes leftover after parsing attributes in process `syz.0.576'.
[  267.705976][ T5837] usb 5-1: new low-speed USB device number 10 using dummy_hcd
[  267.888064][ T5837] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  267.909524][ T5837] usb 5-1: config 0 has no interface number 0
[  267.915675][ T5837] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  268.428381][ T5837] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 9, setting to 8
[  268.440767][ T5837] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  268.452165][ T5837] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.063053][ T5837] usb 5-1: config 0 descriptor??
[  269.075141][ T8064] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  269.369441][ T5837] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  269.560120][ T5837] usb 5-1: USB disconnect, device number 10
[  271.438589][   T30] audit: type=1326 audit(1753396948.284:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8100 comm="syz.4.590" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x0
[  276.208443][ T5830] Bluetooth: hci1: unexpected event for opcode 0x0809
[  276.220643][ T8154] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  276.545991][ T5837] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  276.776115][ T5837] usb 4-1: Using ep0 maxpacket: 8
[  276.873177][ T5837] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  276.985791][ T8175] xt_nfacct: accounting object `syz1' does not exists
[  277.405124][ T5837] usb 4-1: config 0 has no interface number 0
[  277.412171][ T5837] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  277.424829][ T5837] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  277.436967][ T5837] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  277.461571][ T5837] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  277.617470][ T5837] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  277.640522][ T5837] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  277.685345][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.877695][ T5837] usb 4-1: config 0 descriptor??
[  277.976167][ T8183] loop6: detected capacity change from 0 to 64
[  278.447272][ T5837] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  278.623764][ T5827] Buffer I/O error on dev loop6, logical block 4, async page read
[  279.302266][ T8159] ldusb 4-1:0.55: Couldn't submit interrupt_in_urb -90
[  279.386141][ T8159] netlink: 100 bytes leftover after parsing attributes in process `syz.3.602'.
[  279.444039][ T8190] netlink: 8 bytes leftover after parsing attributes in process `syz.0.610'.
[  280.066956][ T8200] xt_nfacct: accounting object `syz1' does not exists
[  280.099712][ T8200] netlink: 'syz.2.612': attribute type 4 has an invalid length.
[  280.107490][ T8200] netlink: 17 bytes leftover after parsing attributes in process `syz.2.612'.
[  280.471151][ T8190] netlink: 24 bytes leftover after parsing attributes in process `syz.0.610'.
[  281.272954][ T8211] loop6: detected capacity change from 0 to 64
[  281.865462][ T5827] Buffer I/O error on dev loop6, logical block 4, async page read
[  283.078915][ T5830] Bluetooth: hci0: unexpected event for opcode 0x0809
[  283.079234][ T8220] netlink: 12 bytes leftover after parsing attributes in process `syz.2.617'.
[  284.204249][ T8229] loop6: detected capacity change from 0 to 64
[  284.671299][ T5827] Buffer I/O error on dev loop6, logical block 4, async page read
[  285.171926][   T30] audit: type=1400 audit(1753396962.004:1049): avc:  denied  { read } for  pid=8230 comm="syz.1.620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  285.363263][ T5886] usb 4-1: USB disconnect, device number 9
[  285.449555][ T5886] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  287.382950][ T8247] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  287.678435][ T8249] netlink: 4 bytes leftover after parsing attributes in process `syz.3.625'.
[  287.841609][   T30] audit: type=1400 audit(1753396964.724:1050): avc:  denied  { bind } for  pid=8250 comm="syz.1.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  287.905371][   T30] audit: type=1400 audit(1753396964.754:1051): avc:  denied  { setopt } for  pid=8250 comm="syz.1.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  287.956506][ T5837] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  287.994547][   T30] audit: type=1400 audit(1753396964.874:1052): avc:  denied  { unmount } for  pid=5828 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  288.125957][ T5837] usb 4-1: Using ep0 maxpacket: 32
[  288.437124][ T5837] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  288.816198][ T5837] usb 4-1: config 0 has no interface number 0
[  288.929680][ T5837] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  288.956321][ T5837] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.984736][ T5837] usb 4-1: Product: syz
[  289.011074][ T5837] usb 4-1: Manufacturer: syz
[  289.021147][ T5837] usb 4-1: SerialNumber: syz
[  289.039613][ T5837] usb 4-1: config 0 descriptor??
[  289.064933][ T5837] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  289.078695][ T5837] usb 4-1: selecting invalid altsetting 1
[  289.088916][ T5837] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  289.119834][ T5837] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  289.139309][ T5837] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  289.191938][ T5944] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  289.821230][ T5837] usb 4-1: media controller created
[  289.981971][ T5837] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  290.110056][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  290.133703][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  290.385738][ T5944] usb 2-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
[  290.439130][ T5837] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  290.494518][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.496518][ T5837] zl10353_read_register: readreg error (reg=127, ret==-71)
[  290.517086][ T5837] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  290.618651][ T5944] usb 2-1: config 0 descriptor??
[  290.738377][ T8279] loop6: detected capacity change from 0 to 64
[  291.220612][ T5847] Buffer I/O error on dev loop6, logical block 4, async page read
[  291.510315][ T5837] usb 4-1: USB disconnect, device number 10
[  292.379912][ T8288] netlink: 12 bytes leftover after parsing attributes in process `syz.3.638'.
[  292.392091][ T8291] netlink: 10 bytes leftover after parsing attributes in process `syz.2.639'.
[  292.572892][ T8288] IPVS: persistence engine module ip_vs_pe_   not found
[  292.698176][ T5944] usbhid 2-1:0.0: can't add hid device: -71
[  292.704201][ T5944] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  292.992893][ T8302] xt_nfacct: accounting object `syz1' does not exists
[  293.007455][ T8302] netlink: 'syz.2.640': attribute type 4 has an invalid length.
[  293.015172][ T8302] netlink: 17 bytes leftover after parsing attributes in process `syz.2.640'.
[  293.853421][ T5944] usb 2-1: USB disconnect, device number 15
[  294.686128][ T5830] Bluetooth: hci3: unexpected event for opcode 0x0809
[  294.755418][ T5944] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  295.477652][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  295.521176][ T5944] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  295.731837][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.768837][ T5944] usb 2-1: config 0 descriptor??
[  295.971360][ T5944] usb 2-1: can't set config #0, error -71
[  296.007255][ T5944] usb 2-1: USB disconnect, device number 16
[  296.055074][ T8320] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  296.074367][ T8320] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  296.082648][ T8320] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  296.092598][ T8320] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  296.115427][ T8320] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  297.849424][ T8338] netlink: 8 bytes leftover after parsing attributes in process `syz.3.650'.
[  297.860100][ T8338] netlink: 24 bytes leftover after parsing attributes in process `syz.3.650'.
[  297.870694][ T8338] netlink: 8 bytes leftover after parsing attributes in process `syz.3.650'.
[  297.879627][ T8338] netlink: 24 bytes leftover after parsing attributes in process `syz.3.650'.
[  298.057822][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout
[  298.136517][ T5154] Bluetooth: hci4: command 0x0405 tx timeout
[  298.137095][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout
[  298.142678][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout
[  298.154701][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout
[  298.203605][   T30] audit: type=1400 audit(1753396975.084:1053): avc:  denied  { append } for  pid=8340 comm="syz.4.651" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  298.228854][ T8341] overlayfs: missing 'lowerdir'
[  299.283741][ T8350] xt_addrtype: ipv6 does not support BROADCAST matching
[  299.319975][ T8351] netlink: 12 bytes leftover after parsing attributes in process `syz.1.653'.
[  299.757915][ T5945] usb 5-1: new low-speed USB device number 11 using dummy_hcd
[  299.976437][ T5945] usb 5-1: unable to get BOS descriptor or descriptor too short
[  299.992007][ T5945] usb 5-1: config 255 has an invalid interface number: 56 but max is 2
[  300.002819][ T5945] usb 5-1: config 255 contains an unexpected descriptor of type 0x2, skipping
[  300.145181][ T5945] usb 5-1: config 255 contains an unexpected descriptor of type 0x1, skipping
[  300.181891][ T5945] usb 5-1: config 255 contains an unexpected descriptor of type 0x1, skipping
[  300.286067][ T5835] Bluetooth: hci4: command 0x0405 tx timeout
[  300.304815][ T5945] usb 5-1: config 255 has an invalid interface number: 202 but max is 2
[  300.333003][ T5945] usb 5-1: config 255 has an invalid interface number: 100 but max is 2
[  300.757389][ T5945] usb 5-1: config 255 has no interface number 0
[  300.778669][ T5945] usb 5-1: config 255 has no interface number 1
[  300.802670][ T5945] usb 5-1: config 255 has no interface number 2
[  300.818811][ T5945] usb 5-1: config 255 interface 56 altsetting 6 endpoint 0xF has invalid maxpacket 1024, setting to 8
[  300.863025][ T5945] usb 5-1: config 255 interface 56 altsetting 6 endpoint 0x4 has invalid maxpacket 1023, setting to 8
[  300.899566][ T5945] usb 5-1: config 255 interface 56 altsetting 6 endpoint 0x9 has invalid maxpacket 512, setting to 8
[  301.030475][ T5945] usb 5-1: config 255 interface 56 altsetting 6 endpoint 0xD has invalid wMaxPacketSize 0
[  301.064694][ T5945] usb 5-1: config 255 interface 56 altsetting 6 has a duplicate endpoint with address 0xF, skipping
[  301.613748][ T5945] usb 5-1: config 255 interface 56 altsetting 6 endpoint 0x8 has invalid maxpacket 32, setting to 8
[  301.638574][ T5945] usb 5-1: config 255 interface 56 altsetting 6 has a duplicate endpoint with address 0xD, skipping
[  301.656231][ T5945] usb 5-1: config 255 interface 56 altsetting 6 has a duplicate endpoint with address 0xD, skipping
[  301.667544][ T5945] usb 5-1: config 255 interface 56 altsetting 6 has a duplicate endpoint with address 0xF, skipping
[  301.692584][ T5945] usb 5-1: config 255 interface 56 altsetting 6 endpoint 0x3 has invalid maxpacket 1024, setting to 8
[  301.777870][ T5945] usb 5-1: config 255 interface 56 altsetting 6 has a duplicate endpoint with address 0xF, skipping
[  301.793423][ T5945] usb 5-1: config 255 interface 202 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  301.812064][ T5945] usb 5-1: config 255 interface 202 altsetting 0 has a duplicate endpoint with address 0xD, skipping
[  301.824339][ T5945] usb 5-1: config 255 interface 202 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  301.852452][ T5945] usb 5-1: config 255 interface 202 altsetting 0 has a duplicate endpoint with address 0xD, skipping
[  301.943085][ T5945] usb 5-1: config 255 interface 202 altsetting 0 endpoint 0x1 has invalid maxpacket 8, setting to 0
[  302.106483][ T5945] usb 5-1: config 255 interface 202 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  302.128219][ T5945] usb 5-1: config 255 interface 202 altsetting 0 endpoint 0x7 has invalid maxpacket 1023, setting to 8
[  302.140339][ T5945] usb 5-1: config 255 interface 202 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  302.151649][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  302.163154][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0xF, skipping
[  302.342637][ T8368] loop6: detected capacity change from 0 to 64
[  302.411515][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0xD, skipping
[  302.832832][ T5945] usb 5-1: config 255 interface 100 altsetting 5 endpoint 0x6 has invalid maxpacket 64, setting to 8
[  302.846019][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0xD, skipping
[  302.875349][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  302.896026][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has an endpoint descriptor with address 0x9C, changing to 0x8C
[  302.908749][ T5945] usb 5-1: config 255 interface 100 altsetting 5 endpoint 0x8C has invalid maxpacket 15540, setting to 8
[  302.922395][ T5945] usb 5-1: config 255 interface 100 altsetting 5 endpoint 0xB has invalid maxpacket 1024, setting to 8
[  302.935058][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0x7, skipping
[  302.951144][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0xC, skipping
[  302.962486][ T5945] usb 5-1: config 255 interface 100 altsetting 5 endpoint 0x2 has invalid maxpacket 40, setting to 8
[  302.981889][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0x9, skipping
[  303.072784][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has an endpoint descriptor with address 0xB8, changing to 0x88
[  303.098783][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0x88, skipping
[  303.216441][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  303.261557][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0x6, skipping
[  303.293733][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0x2, skipping
[  303.315281][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  303.348568][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has a duplicate endpoint with address 0x4, skipping
[  303.391975][ T8375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.660'.
[  303.409726][ T5945] usb 5-1: config 255 interface 100 altsetting 5 has 18 endpoint descriptors, different from the interface descriptor's value: 16
[  303.444601][ T5945] usb 5-1: config 255 interface 56 has no altsetting 0
[  303.465729][ T5945] usb 5-1: config 255 interface 100 has no altsetting 0
[  303.473810][ T5945] usb 5-1: string descriptor 0 read error: -71
[  303.483388][ T5945] usb 5-1: New USB device found, idVendor=0db0, idProduct=6865, bcdDevice=fe.14
[  303.493394][ T5945] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.524661][ T5945] usb 5-1: can't set config #255, error -71
[  304.162678][ T5945] usb 5-1: USB disconnect, device number 11
[  304.221380][ T8375] IPVS: persistence engine module ip_vs_pe_   not found
[  309.195955][   T24] usb 4-1: new low-speed USB device number 11 using dummy_hcd
[  309.925461][   T24] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  310.235196][   T24] usb 4-1: config 0 has no interface number 0
[  310.261653][   T24] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  310.344872][   T24] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 9, setting to 8
[  310.384832][   T24] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  310.406270][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.435738][   T24] usb 4-1: config 0 descriptor??
[  310.452750][ T8418] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  310.487482][   T24] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  311.355953][   T24] usb 4-1: USB disconnect, device number 11
[  311.680724][ T8445] 9pnet: Could not find request transport: fd�
[  313.624634][ T8466] netlink: 44 bytes leftover after parsing attributes in process `syz.0.684'.
[  315.091334][ T8491] loop6: detected capacity change from 0 to 64
[  315.341712][   T30] audit: type=1326 audit(1753396992.204:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.1.686" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7782f8e9a9 code=0x0
[  316.347923][ T8493] syz.1.686 (8493) used greatest stack depth: 19784 bytes left
[  316.954150][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  316.960580][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  316.971728][ T8513] netlink: 10 bytes leftover after parsing attributes in process `syz.3.694'.
[  317.316025][   T30] audit: type=1326 audit(1753396994.194:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8519 comm="syz.4.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  317.514605][   T30] audit: type=1326 audit(1753396994.194:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8519 comm="syz.4.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  317.694320][   T30] audit: type=1326 audit(1753396994.204:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8519 comm="syz.4.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  317.717631][    C0] vkms_vblank_simulate: vblank timer overrun
[  317.726026][   T30] audit: type=1326 audit(1753396994.204:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8519 comm="syz.4.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  317.749303][    C0] vkms_vblank_simulate: vblank timer overrun
[  317.756971][   T30] audit: type=1326 audit(1753396994.204:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8519 comm="syz.4.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  317.780259][    C0] vkms_vblank_simulate: vblank timer overrun
[  317.787874][   T30] audit: type=1326 audit(1753396994.204:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8519 comm="syz.4.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  317.822090][   T30] audit: type=1326 audit(1753396994.204:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8519 comm="syz.4.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  317.972723][   T30] audit: type=1326 audit(1753396994.204:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8519 comm="syz.4.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  317.976620][ T8515] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.695'.
[  317.996108][    C0] vkms_vblank_simulate: vblank timer overrun
[  318.160158][   T30] audit: type=1326 audit(1753396994.204:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8519 comm="syz.4.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  318.184623][    C0] vkms_vblank_simulate: vblank timer overrun
[  318.260094][ T8532] netlink: 'syz.2.699': attribute type 1 has an invalid length.
[  318.271090][ T8532] netlink: 'syz.2.699': attribute type 2 has an invalid length.
[  318.283482][ T8532] netlink: 244 bytes leftover after parsing attributes in process `syz.2.699'.
[  318.292787][ T8532] FAULT_INJECTION: forcing a failure.
[  318.292787][ T8532] name failslab, interval 1, probability 0, space 0, times 0
[  318.306607][ T8532] CPU: 1 UID: 0 PID: 8532 Comm: syz.2.699 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  318.306628][ T8532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  318.306635][ T8532] Call Trace:
[  318.306640][ T8532]  <TASK>
[  318.306647][ T8532]  dump_stack_lvl+0x16c/0x1f0
[  318.306664][ T8532]  should_fail_ex+0x512/0x640
[  318.306685][ T8532]  should_failslab+0xc2/0x120
[  318.306696][ T8532]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  318.306714][ T8532]  ? skb_clone+0x190/0x3f0
[  318.306729][ T8532]  skb_clone+0x190/0x3f0
[  318.306741][ T8532]  netlink_deliver_tap+0xabd/0xd30
[  318.306758][ T8532]  netlink_unicast+0x702/0x850
[  318.306773][ T8532]  ? __pfx_netlink_unicast+0x10/0x10
[  318.306790][ T8532]  netlink_ack+0x696/0xb80
[  318.306807][ T8532]  netlink_rcv_skb+0x332/0x420
[  318.306820][ T8532]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  318.306833][ T8532]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  318.306851][ T8532]  ? netlink_deliver_tap+0x1ae/0xd30
[  318.306866][ T8532]  netlink_unicast+0x58d/0x850
[  318.306881][ T8532]  ? __pfx_netlink_unicast+0x10/0x10
[  318.306898][ T8532]  netlink_sendmsg+0x8d1/0xdd0
[  318.306913][ T8532]  ? __pfx_netlink_sendmsg+0x10/0x10
[  318.306932][ T8532]  ____sys_sendmsg+0xa98/0xc70
[  318.306946][ T8532]  ? copy_msghdr_from_user+0x10a/0x160
[  318.306957][ T8532]  ? __pfx_____sys_sendmsg+0x10/0x10
[  318.306973][ T8532]  ? __pfx__kstrtoull+0x10/0x10
[  318.306990][ T8532]  ___sys_sendmsg+0x134/0x1d0
[  318.307002][ T8532]  ? __pfx____sys_sendmsg+0x10/0x10
[  318.307020][ T8532]  ? find_held_lock+0x2b/0x80
[  318.307044][ T8532]  __sys_sendmmsg+0x200/0x420
[  318.307057][ T8532]  ? __pfx___sys_sendmmsg+0x10/0x10
[  318.307073][ T8532]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  318.307091][ T8532]  ? fput+0x70/0xf0
[  318.307103][ T8532]  ? ksys_write+0x1ac/0x250
[  318.307119][ T8532]  ? __pfx_ksys_write+0x10/0x10
[  318.307137][ T8532]  __x64_sys_sendmmsg+0x9c/0x100
[  318.307147][ T8532]  ? lockdep_hardirqs_on+0x7c/0x110
[  318.307164][ T8532]  do_syscall_64+0xcd/0x4c0
[  318.307176][ T8532]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.307188][ T8532] RIP: 0033:0x7ff09f18e9a9
[  318.307198][ T8532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.307208][ T8532] RSP: 002b:00007ff0a004e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  318.307219][ T8532] RAX: ffffffffffffffda RBX: 00007ff09f3b5fa0 RCX: 00007ff09f18e9a9
[  318.307226][ T8532] RDX: 0400000000000235 RSI: 0000200000000000 RDI: 0000000000000004
[  318.307233][ T8532] RBP: 00007ff0a004e090 R08: 0000000000000000 R09: 0000000000000000
[  318.307240][ T8532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.307246][ T8532] R13: 0000000000000000 R14: 00007ff09f3b5fa0 R15: 00007ffd1cc91098
[  318.307261][ T8532]  </TASK>
[  319.370672][ T8543] input: syz0 as /devices/virtual/input/input15
[  319.381288][ T8543] input: failed to attach handler leds to device input15, error: -6
[  319.429900][ T8536] netlink: 16 bytes leftover after parsing attributes in process `syz.2.700'.
[  319.883253][ T8548] input: syz0 as /devices/virtual/input/input16
[  319.890384][ T8548] input: failed to attach handler leds to device input16, error: -6
[  319.974563][ T8549] netlink: 16 bytes leftover after parsing attributes in process `syz.3.701'.
[  320.448674][ T8553] 9pnet: Could not find request transport: fd�
[  320.742235][ T1205] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  321.309216][ T1205] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.325508][ T1205] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  321.335718][ T1205] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.344678][ T8565] netlink: 10 bytes leftover after parsing attributes in process `syz.3.707'.
[  321.363419][ T1205] usb 3-1: config 0 descriptor??
[  322.708001][ T8551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  322.726707][ T1205] keytouch 0003:0926:3333.0005: fixing up Keytouch IEC report descriptor
[  322.993112][ T8551] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  323.019302][ T1205] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0005/input/input17
[  323.242371][ T8585] input: syz0 as /devices/virtual/input/input18
[  323.526707][ T8585] input: failed to attach handler leds to device input18, error: -6
[  323.535297][ T1205] keytouch 0003:0926:3333.0005: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  323.541635][ T1205] usb 3-1: USB disconnect, device number 9
[  323.702061][ T8588] fido_id[8588]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  324.091389][ T8596] netlink: 8 bytes leftover after parsing attributes in process `syz.2.715'.
[  324.162369][ T8595] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  324.447192][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  324.447209][   T30] audit: type=1400 audit(1753397001.334:1095): avc:  denied  { append } for  pid=8597 comm="syz.0.716" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  324.661282][   T30] audit: type=1400 audit(1753397001.544:1096): avc:  denied  { block_suspend } for  pid=8594 comm="syz.2.715" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  325.183968][ T8605] 9pnet: Could not find request transport: fd�
[  325.484218][ T8615] netlink: 12 bytes leftover after parsing attributes in process `syz.4.718'.
[  325.669848][   T30] audit: type=1400 audit(1753397002.554:1097): avc:  denied  { create } for  pid=8616 comm="syz.2.719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  325.670837][ T8618] netlink: 72 bytes leftover after parsing attributes in process `syz.2.719'.
[  325.992298][   T30] audit: type=1400 audit(1753397002.554:1098): avc:  denied  { write } for  pid=8616 comm="syz.2.719" path="socket:[20592]" dev="sockfs" ino=20592 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  326.074576][ T8615] IPVS: persistence engine module ip_vs_pe_   not found
[  328.907452][ T5945] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  329.097923][ T5945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.114087][ T5945] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  329.135352][ T5945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.183597][ T5945] usb 4-1: config 0 descriptor??
[  330.149220][ T5945] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor
[  330.659441][ T8643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  330.660999][ T5945] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0006/input/input19
[  330.692857][ T8643] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  330.985578][ T5945] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  331.052004][ T5945] usb 4-1: USB disconnect, device number 12
[  331.225453][ T8667] FAULT_INJECTION: forcing a failure.
[  331.225453][ T8667] name failslab, interval 1, probability 0, space 0, times 0
[  331.239688][ T8667] CPU: 0 UID: 0 PID: 8667 Comm: syz.4.732 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  331.239716][ T8667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  331.239728][ T8667] Call Trace:
[  331.239735][ T8667]  <TASK>
[  331.239743][ T8667]  dump_stack_lvl+0x16c/0x1f0
[  331.239768][ T8667]  should_fail_ex+0x512/0x640
[  331.239797][ T8667]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  331.239830][ T8667]  should_failslab+0xc2/0x120
[  331.239850][ T8667]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  331.239880][ T8667]  ? __d_alloc+0x31/0xaa0
[  331.239905][ T8667]  __d_alloc+0x31/0xaa0
[  331.239929][ T8667]  d_alloc_pseudo+0x1c/0xc0
[  331.239954][ T8667]  alloc_file_pseudo+0xcf/0x230
[  331.239980][ T8667]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  331.240004][ T8667]  ? _raw_spin_unlock+0x3e/0x50
[  331.240031][ T8667]  ? alloc_fd+0x471/0x7d0
[  331.240062][ T8667]  __anon_inode_getfile+0xe8/0x280
[  331.240086][ T8667]  anon_inode_getfd+0x52/0xb0
[  331.240107][ T8667]  map_create+0xb68/0x1db0
[  331.240135][ T8667]  ? rcu_is_watching+0x12/0xc0
[  331.240161][ T8667]  ? lockdep_hardirqs_on+0x7c/0x110
[  331.240191][ T8667]  ? __pfx_map_create+0x10/0x10
[  331.240218][ T8667]  ? __sys_bpf+0x284/0x4ea0
[  331.240243][ T8667]  ? __sanitizer_cov_trace_switch+0x4f/0x90
[  331.240269][ T8667]  __sys_bpf+0x4d8d/0x4ea0
[  331.240298][ T8667]  ? __pfx___sys_bpf+0x10/0x10
[  331.240330][ T8667]  ? __pfx___schedule+0x10/0x10
[  331.240356][ T8667]  ? lockdep_hardirqs_on+0x7c/0x110
[  331.240415][ T8667]  __x64_sys_bpf+0x78/0xc0
[  331.240442][ T8667]  do_syscall_64+0xcd/0x4c0
[  331.240465][ T8667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.240485][ T8667] RIP: 0033:0x7f943498e9a9
[  331.240502][ T8667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.240520][ T8667] RSP: 002b:00007f94357f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  331.240539][ T8667] RAX: ffffffffffffffda RBX: 00007f9434bb6080 RCX: 00007f943498e9a9
[  331.240559][ T8667] RDX: 0000000000000048 RSI: 0000200000000740 RDI: 0000000000000000
[  331.240571][ T8667] RBP: 00007f94357f4090 R08: 0000000000000000 R09: 0000000000000000
[  331.240583][ T8667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.240595][ T8667] R13: 0000000000000000 R14: 00007f9434bb6080 R15: 00007ffd568816c8
[  331.240622][ T8667]  </TASK>
[  331.895381][ T8662] fido_id[8662]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  332.101719][ T8661] 9pnet: Could not find request transport: fd�
[  333.528756][ T8668] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  333.535025][ T8668] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  333.545047][ T8668] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  333.551234][ T8668] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  333.558014][ T8668] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  334.088828][ T8694] input: syz0 as /devices/virtual/input/input21
[  334.467626][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout
[  334.724700][ T8709] loop6: detected capacity change from 0 to 64
[  334.754186][   T30] audit: type=1326 audit(1753397011.634:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8701 comm="syz.4.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  335.382380][   T30] audit: type=1326 audit(1753397011.634:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8701 comm="syz.4.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  335.406336][   T30] audit: type=1326 audit(1753397011.954:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8701 comm="syz.4.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f943498d310 code=0x7ffc0000
[  335.429943][   T30] audit: type=1326 audit(1753397012.214:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8701 comm="syz.4.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  335.494683][ T5827] Buffer I/O error on dev loop6, logical block 0, async page read
[  335.518822][   T30] audit: type=1326 audit(1753397012.214:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8701 comm="syz.4.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  335.577137][ T5827] Buffer I/O error on dev loop6, logical block 0, async page read
[  335.652152][ T5827] Buffer I/O error on dev loop6, logical block 0, async page read
[  335.670720][ T5839] Bluetooth: hci4: command 0x0405 tx timeout
[  335.676974][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout
[  335.683069][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout
[  335.683229][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout
[  335.705276][   T30] audit: type=1326 audit(1753397012.224:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8701 comm="syz.4.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f943498e9a9 code=0x7ffc0000
[  335.750887][ T5827] Buffer I/O error on dev loop6, logical block 0, async page read
[  335.810629][ T5827] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.041195][ T8724] netlink: 10 bytes leftover after parsing attributes in process `syz.3.745'.
[  336.081574][ T8726] netlink: 24 bytes leftover after parsing attributes in process `syz.1.746'.
[  336.092858][ T8726] FAULT_INJECTION: forcing a failure.
[  336.092858][ T8726] name failslab, interval 1, probability 0, space 0, times 0
[  336.107457][ T8726] CPU: 0 UID: 0 PID: 8726 Comm: syz.1.746 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  336.107486][ T8726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  336.107498][ T8726] Call Trace:
[  336.107504][ T8726]  <TASK>
[  336.107511][ T8726]  dump_stack_lvl+0x16c/0x1f0
[  336.107535][ T8726]  should_fail_ex+0x512/0x640
[  336.107563][ T8726]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  336.107595][ T8726]  should_failslab+0xc2/0x120
[  336.107613][ T8726]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  336.107629][ T8726]  ? __alloc_skb+0x2b2/0x380
[  336.107649][ T8726]  __alloc_skb+0x2b2/0x380
[  336.107665][ T8726]  ? __pfx___alloc_skb+0x10/0x10
[  336.107681][ T8726]  ? genl_rcv_msg+0x4bb/0x800
[  336.107700][ T8726]  netlink_ack+0x15d/0xb80
[  336.107714][ T8726]  ? __lock_acquire+0x622/0x1c90
[  336.107727][ T8726]  netlink_rcv_skb+0x332/0x420
[  336.107740][ T8726]  ? __pfx_genl_rcv_msg+0x10/0x10
[  336.107755][ T8726]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  336.107774][ T8726]  ? netlink_deliver_tap+0x1ae/0xd30
[  336.107786][ T8726]  ? is_vmalloc_addr+0x86/0xa0
[  336.107803][ T8726]  genl_rcv+0x28/0x40
[  336.107815][ T8726]  netlink_unicast+0x58d/0x850
[  336.107830][ T8726]  ? __pfx_netlink_unicast+0x10/0x10
[  336.107847][ T8726]  netlink_sendmsg+0x8d1/0xdd0
[  336.107862][ T8726]  ? __pfx_netlink_sendmsg+0x10/0x10
[  336.107881][ T8726]  ____sys_sendmsg+0xa98/0xc70
[  336.107895][ T8726]  ? copy_msghdr_from_user+0x10a/0x160
[  336.107906][ T8726]  ? __pfx_____sys_sendmsg+0x10/0x10
[  336.107927][ T8726]  ___sys_sendmsg+0x134/0x1d0
[  336.107938][ T8726]  ? __pfx____sys_sendmsg+0x10/0x10
[  336.107947][ T8726]  ? __lock_acquire+0x622/0x1c90
[  336.107976][ T8726]  __sys_sendmsg+0x16d/0x220
[  336.107987][ T8726]  ? __pfx___sys_sendmsg+0x10/0x10
[  336.108008][ T8726]  do_syscall_64+0xcd/0x4c0
[  336.108020][ T8726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.108031][ T8726] RIP: 0033:0x7f7782f8e9a9
[  336.108041][ T8726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.108052][ T8726] RSP: 002b:00007f7783e7e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  336.108063][ T8726] RAX: ffffffffffffffda RBX: 00007f77831b5fa0 RCX: 00007f7782f8e9a9
[  336.108070][ T8726] RDX: 0000000000000880 RSI: 0000200000000540 RDI: 0000000000000004
[  336.108077][ T8726] RBP: 00007f7783e7e090 R08: 0000000000000000 R09: 0000000000000000
[  336.108083][ T8726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.108090][ T8726] R13: 0000000000000000 R14: 00007f77831b5fa0 R15: 00007ffe920ffc18
[  336.108104][ T8726]  </TASK>
[  336.384894][   T30] audit: type=1400 audit(1753397013.254:1105): avc:  denied  { recv } for  pid=1205 comm="kworker/0:2" saddr=10.128.0.169 src=30006 daddr=10.128.0.75 dest=33978 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  336.631727][ T8734] binder: 8730:8734 ioctl c0306201 200000000240 returned -11
[  337.295421][ T8728] 9pnet: Could not find request transport: fd�
[  337.434972][   T30] audit: type=1400 audit(1753397014.314:1106): avc:  denied  { egress } for  pid=8744 comm="syz.2.752" saddr=fe80::1b daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  337.571655][   T30] audit: type=1400 audit(1753397014.314:1107): avc:  denied  { sendto } for  pid=8744 comm="syz.2.752" saddr=fe80::1b daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  339.864183][   T30] audit: type=1400 audit(1753397016.744:1108): avc:  denied  { watch_reads } for  pid=8761 comm="syz.0.756" path="/151" dev="tmpfs" ino=798 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  340.043400][   T30] audit: type=1400 audit(1753397016.904:1109): avc:  denied  { shutdown } for  pid=8761 comm="syz.0.756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  340.133785][ T8770] netlink: 12 bytes leftover after parsing attributes in process `syz.3.757'.
[  340.217718][ T8770] IPVS: persistence engine module ip_vs_pe_   not found
[  340.969226][ T8779] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  341.359153][ T8783] netlink: 12 bytes leftover after parsing attributes in process `syz.2.761'.
[  341.443057][ T8783] IPVS: persistence engine module ip_vs_pe_   not found
[  341.598890][   T30] audit: type=1400 audit(1753397018.484:1110): avc:  denied  { create } for  pid=8785 comm="syz.0.762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  342.386082][ T5835] Bluetooth: hci4: command 0x0405 tx timeout
[  342.971045][ T5154] Bluetooth: hci3: unexpected event for opcode 0x0809
[  344.845568][   T30] audit: type=1326 audit(1753397021.724:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  344.919381][   T30] audit: type=1326 audit(1753397021.724:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  345.020994][   T30] audit: type=1326 audit(1753397021.764:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  345.088227][   T30] audit: type=1326 audit(1753397021.764:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  345.111547][    C0] vkms_vblank_simulate: vblank timer overrun
[  345.212475][   T30] audit: type=1326 audit(1753397021.764:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  345.278985][   T30] audit: type=1326 audit(1753397021.764:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  345.596600][   T30] audit: type=1326 audit(1753397021.764:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  345.741487][   T30] audit: type=1326 audit(1753397021.764:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  345.885797][   T30] audit: type=1326 audit(1753397021.764:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f768d58d310 code=0x7ffc0000
[  345.912183][   T30] audit: type=1326 audit(1753397021.764:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  346.000317][ T8823] loop6: detected capacity change from 0 to 64
[  346.431287][   T30] audit: type=1326 audit(1753397021.764:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8811 comm="syz.3.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768d58e9a9 code=0x7ffc0000
[  347.364016][ T8828] netlink: 5364 bytes leftover after parsing attributes in process `syz.1.772'.
[  348.756611][ T1205] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  348.951892][ T8851] xt_nfacct: accounting object `syz1' does not exists
[  348.959468][ T8851] netlink: 'syz.1.778': attribute type 4 has an invalid length.
[  348.967274][ T8851] netlink: 17 bytes leftover after parsing attributes in process `syz.1.778'.
[  349.065977][ T1205] usb 3-1: Using ep0 maxpacket: 8
[  349.074539][ T1205] usb 3-1: config index 0 descriptor too short (expected 30, got 18)
[  349.094438][ T1205] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  349.113664][ T1205] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.123065][ T1205] usb 3-1: Product: syz
[  349.127770][ T1205] usb 3-1: Manufacturer: syz
[  349.132284][ T8853] tipc: Started in network mode
[  349.132495][ T1205] usb 3-1: SerialNumber: syz
[  349.142885][ T8853] tipc: Node identity 968ec889e2d, cluster identity 4711
[  349.151931][ T8853] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  349.153509][ T1205] usb 3-1: config 0 descriptor??
[  349.197369][ T8854] syzkaller0: entered promiscuous mode
[  349.204259][ T8854] syzkaller0: entered allmulticast mode
[  349.215003][ T1205] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  349.221915][ T8853] tipc: Resetting bearer <eth:syzkaller0>
[  349.224438][ T1205] usb 3-1: setting power ON
[  349.238114][ T1205] dvb-usb: bulk message failed: -22 (2/0)
[  349.245772][ T8852] tipc: Resetting bearer <eth:syzkaller0>
[  349.254399][ T1205] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  349.269162][ T1205] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  349.278562][ T8852] tipc: Disabling bearer <eth:syzkaller0>
[  349.284874][ T1205] usb 3-1: media controller created
[  349.310800][ T1205] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  349.331209][ T1205] usb 3-1: selecting invalid altsetting 6
[  349.337630][ T1205] usb 3-1: digital interface selection failed (-22)
[  349.344688][ T1205] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  349.355197][ T1205] usb 3-1: setting power OFF
[  349.361859][ T1205] dvb-usb: bulk message failed: -22 (2/0)
[  349.430353][ T8844] dvb-usb: bulk message failed: -22 (3/0)
[  349.437106][ T1205] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  349.453593][ T8844] dvb-usb: bulk message failed: -22 (7/0)
[  349.467870][ T1205] (NULL device *): no alternate interface
[  349.524086][ T8858] syz.4.780: attempt to access beyond end of device
[  349.524086][ T8858] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  349.542607][ T8858] efs: cannot read volume header
[  349.661613][ T1205] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  349.674593][ T8858] netlink: 5364 bytes leftover after parsing attributes in process `syz.4.780'.
[  350.084595][ T1205] usb 3-1: USB disconnect, device number 10
[  350.340735][ T8870] netlink: 12 bytes leftover after parsing attributes in process `syz.3.785'.
[  353.265727][ T5154] Bluetooth: hci3: unexpected event for opcode 0x0809
[  353.458096][ T5154] Bluetooth: hci1: unexpected event for opcode 0x0809
[  356.269711][ T8922] netlink: 8 bytes leftover after parsing attributes in process `syz.3.801'.
[  356.845135][ T8925] netlink: 4 bytes leftover after parsing attributes in process `syz.0.802'.
[  358.723101][ T8945] netlink: 12 bytes leftover after parsing attributes in process `syz.2.806'.
[  359.383117][ T8945] IPVS: persistence engine module ip_vs_pe_   not found
[  360.555905][ T5835] Bluetooth: hci4: command 0x0405 tx timeout
[  360.958831][ T8979] loop6: detected capacity change from 0 to 64
[  362.876494][ T8985] netlink: 10 bytes leftover after parsing attributes in process `syz.0.818'.
[  362.956043][ T8987] loop6: detected capacity change from 0 to 64
[  364.097760][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  364.097795][   T30] audit: type=1400 audit(1753397040.984:1123): avc:  denied  { recv } for  pid=0 comm="swapper/1" saddr=10.128.0.169 src=45060 daddr=10.128.0.75 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  364.549158][ T9007] syz.1.824: attempt to access beyond end of device
[  364.549158][ T9007] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  364.567553][ T9005] FAULT_INJECTION: forcing a failure.
[  364.567553][ T9005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  364.612406][ T9007] efs: cannot read volume header
[  364.655239][ T9005] CPU: 0 UID: 0 PID: 9005 Comm: syz.0.825 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  364.655270][ T9005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  364.655282][ T9005] Call Trace:
[  364.655288][ T9005]  <TASK>
[  364.655296][ T9005]  dump_stack_lvl+0x16c/0x1f0
[  364.655320][ T9005]  should_fail_ex+0x512/0x640
[  364.655353][ T9005]  _copy_from_iter+0x29f/0x16f0
[  364.655378][ T9005]  ? __pfx__copy_from_iter+0x10/0x10
[  364.655397][ T9005]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  364.655427][ T9005]  copy_page_from_iter+0xde/0x180
[  364.655450][ T9005]  tun_build_skb.constprop.0+0x2e8/0x14f0
[  364.655482][ T9005]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  364.655523][ T9005]  ? __pfx__kstrtoull+0x10/0x10
[  364.655553][ T9005]  tun_get_user+0x165f/0x3b80
[  364.655585][ T9005]  ? __pfx_tun_get_user+0x10/0x10
[  364.655606][ T9005]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  364.655634][ T9005]  ? find_held_lock+0x2b/0x80
[  364.655659][ T9005]  ? tun_get+0x191/0x370
[  364.655681][ T9005]  tun_chr_write_iter+0xdc/0x210
[  364.655701][ T9005]  vfs_write+0x6c4/0x1150
[  364.655729][ T9005]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  364.655757][ T9005]  ? __pfx_vfs_write+0x10/0x10
[  364.655781][ T9005]  ? find_held_lock+0x2b/0x80
[  364.655821][ T9005]  ksys_write+0x12a/0x250
[  364.655845][ T9005]  ? __pfx_ksys_write+0x10/0x10
[  364.655884][ T9005]  do_syscall_64+0xcd/0x4c0
[  364.655905][ T9005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.655925][ T9005] RIP: 0033:0x7f902078d45f
[  364.655941][ T9005] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  364.655958][ T9005] RSP: 002b:00007f90215db000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  364.655975][ T9005] RAX: ffffffffffffffda RBX: 00007f90209b5fa0 RCX: 00007f902078d45f
[  364.655987][ T9005] RDX: 000000000000004a RSI: 0000200000000200 RDI: 00000000000000c8
[  364.655998][ T9005] RBP: 00007f90215db090 R08: 0000000000000000 R09: 0000000000000000
[  364.656008][ T9005] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001
[  364.656019][ T9005] R13: 0000000000000000 R14: 00007f90209b5fa0 R15: 00007ffcef8ac5c8
[  364.656044][ T9005]  </TASK>
[  364.873116][    C0] vkms_vblank_simulate: vblank timer overrun
[  364.949344][ T9002] netlink: 5364 bytes leftover after parsing attributes in process `syz.1.824'.
[  365.172294][ T9014] FAULT_INJECTION: forcing a failure.
[  365.172294][ T9014] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  365.186414][ T9014] CPU: 1 UID: 0 PID: 9014 Comm: syz.2.826 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  365.186443][ T9014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  365.186454][ T9014] Call Trace:
[  365.186461][ T9014]  <TASK>
[  365.186468][ T9014]  dump_stack_lvl+0x16c/0x1f0
[  365.186493][ T9014]  should_fail_ex+0x512/0x640
[  365.186528][ T9014]  _copy_to_user+0x32/0xd0
[  365.186550][ T9014]  binder_ioctl+0x265e/0x72c0
[  365.186587][ T9014]  ? tomoyo_path_number_perm+0x18d/0x580
[  365.186619][ T9014]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  365.186645][ T9014]  ? __pfx_binder_ioctl+0x10/0x10
[  365.186667][ T9014]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  365.186700][ T9014]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  365.186721][ T9014]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  365.186743][ T9014]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  365.186773][ T9014]  ? hook_file_ioctl_common+0x145/0x410
[  365.186810][ T9014]  ? selinux_file_ioctl+0x180/0x270
[  365.186828][ T9014]  ? selinux_file_ioctl+0xb4/0x270
[  365.186848][ T9014]  ? __pfx_binder_ioctl+0x10/0x10
[  365.186872][ T9014]  __x64_sys_ioctl+0x18e/0x210
[  365.186900][ T9014]  do_syscall_64+0xcd/0x4c0
[  365.186922][ T9014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.186942][ T9014] RIP: 0033:0x7ff09f18e9a9
[  365.186958][ T9014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.186976][ T9014] RSP: 002b:00007ff0a004e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  365.186995][ T9014] RAX: ffffffffffffffda RBX: 00007ff09f3b5fa0 RCX: 00007ff09f18e9a9
[  365.187008][ T9014] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  365.187020][ T9014] RBP: 00007ff0a004e090 R08: 0000000000000000 R09: 0000000000000000
[  365.187032][ T9014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.187043][ T9014] R13: 0000000000000000 R14: 00007ff09f3b5fa0 R15: 00007ffd1cc91098
[  365.187070][ T9014]  </TASK>
[  365.187080][ T9014] binder: 9008:9014 ioctl c0306201 2000000001c0 returned -14
[  366.680002][ T9038] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  367.601110][ T9044] netlink: 4 bytes leftover after parsing attributes in process `syz.3.836'.
[  369.126274][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout
[  369.528207][ T9037] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  369.543265][ T9037] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  369.559048][ T9037] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  369.566813][ T9037] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  369.574217][ T9037] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  369.858433][ T9068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.844'.
[  369.892478][ T5944] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  370.286261][ T9070] netlink: 12 bytes leftover after parsing attributes in process `syz.0.843'.
[  370.700283][ T5944] usb 4-1: device not accepting address 13, error -71
[  370.778101][ T5837] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  371.446035][ T5837] usb 3-1: Using ep0 maxpacket: 32
[  371.468404][ T5837] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  371.498855][ T5837] usb 3-1: config 0 has no interface number 0
[  371.516692][ T5837] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  371.528476][ T5837] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.538438][ T5837] usb 3-1: Product: syz
[  371.542755][ T5837] usb 3-1: Manufacturer: syz
[  371.548330][ T5837] usb 3-1: SerialNumber: syz
[  371.784391][ T5835] Bluetooth: hci4: command 0x0405 tx timeout
[  371.791441][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout
[  371.791457][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout
[  371.797817][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout
[  371.969063][ T5837] usb 3-1: config 0 descriptor??
[  372.164879][ T5837] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  372.174435][ T5837] usb 3-1: selecting invalid altsetting 1
[  372.180238][ T5837] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  372.196782][ T5837] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  372.207406][ T5837] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  372.216048][ T5837] usb 3-1: media controller created
[  372.252463][ T5837] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  372.338075][ T9085] netlink: 24 bytes leftover after parsing attributes in process `syz.1.850'.
[  372.415947][ T5837] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  372.446405][ T5837] zl10353_read_register: readreg error (reg=127, ret==-71)
[  372.486723][ T5837] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  372.537403][ T9087] netlink: 8 bytes leftover after parsing attributes in process `syz.1.851'.
[  372.549000][ T9087] netlink: 24 bytes leftover after parsing attributes in process `syz.1.851'.
[  372.564434][ T5837] usb 3-1: USB disconnect, device number 11
[  372.571594][ T9087] netlink: 8 bytes leftover after parsing attributes in process `syz.1.851'.
[  372.590454][ T9087] netlink: 24 bytes leftover after parsing attributes in process `syz.1.851'.
[  373.884094][ T5944] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  374.030033][ T9102] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  374.297988][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  374.326764][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  374.460938][ T5944] usb 2-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
[  374.470360][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.503244][ T5944] usb 2-1: config 0 descriptor??
[  375.466695][ T5944] usbhid 2-1:0.0: can't add hid device: -71
[  375.474011][ T5944] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  375.496651][ T9112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.859'.
[  375.537422][ T5944] usb 2-1: USB disconnect, device number 17
[  376.415482][ T9126] netlink: 12 bytes leftover after parsing attributes in process `syz.1.863'.
[  377.065937][ T5944] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  377.451207][ T5944] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  377.467243][ T5944] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  377.571863][ T5944] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  377.596095][ T5837] usb 2-1: new low-speed USB device number 18 using dummy_hcd
[  377.921116][ T5944] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  378.022292][ T5944] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  378.067732][ T5837] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  378.084942][ T5944] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  378.287575][ T5837] usb 2-1: config 0 has no interface number 0
[  378.303605][ T5837] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  378.581109][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.666167][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  379.090220][ T5837] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  383.383778][ T6716] sched: DL replenish lagged too much
[  391.263006][ T5944] usb 4-1: string descriptor 0 read error: -71
[  395.644870][ T5837] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  398.554673][ T5944] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  405.773968][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  409.906355][ T5837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.988544][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  440.007605][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  501.531328][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.550574][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  604.845765][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  604.852768][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5886/1:b..l
[  604.861140][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=28189, q=638 ncpus=2)
[  604.868870][    C1] task:kworker/1:4     state:R  running task     stack:25384 pid:5886  tgid:5886  ppid:2      task_flags:0x4208060 flags:0x00004000
[  604.883565][    C1] Workqueue: events_power_efficient gc_worker
[  604.889671][    C1] Call Trace:
[  604.892991][    C1]  <TASK>
[  604.895927][    C1]  __schedule+0x116a/0x5dd0
[  604.900460][    C1]  ? rcu_is_watching+0x12/0xc0
[  604.905259][    C1]  ? __pfx___schedule+0x10/0x10
[  604.910129][    C1]  ? debug_object_activate+0x2ec/0x4c0
[  604.915616][    C1]  ? mark_held_locks+0x49/0x80
[  604.920407][    C1]  preempt_schedule_irq+0x51/0x90
[  604.925455][    C1]  irqentry_exit+0x36/0x90
[  604.929882][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  604.935890][    C1] RIP: 0010:gc_worker+0x2d5/0x16e0
[  604.941023][    C1] Code: 00 00 48 c7 c7 88 ef a9 90 e8 77 15 ed f7 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 25 76 10 f8 58 48 85 db 0f 85 d4 0f 00 00 <e8> a6 7a 10 f8 8b 1d b0 81 fe 06 41 89 dc 31 ff 41 83 e4 01 44 89
[  604.960645][    C1] RSP: 0018:ffffc900043efb58 EFLAGS: 00000293
[  604.966723][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff89ab7909
[  604.974735][    C1] RDX: ffff88807cf98000 RSI: ffffffff89ab7918 RDI: 0000000000000007
[  604.982716][    C1] RBP: ffffffff9b26fa8c R08: 0000000000000007 R09: 0000000000000000
[  604.990689][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888031c00000
[  604.998664][    C1] R13: 0000000000040000 R14: dffffc0000000000 R15: 0000000000001715
[  605.006661][    C1]  ? gc_worker+0xe19/0x16e0
[  605.011214][    C1]  ? gc_worker+0xe28/0x16e0
[  605.015741][    C1]  ? gc_worker+0xe28/0x16e0
[  605.020267][    C1]  ? __pfx_gc_worker+0x10/0x10
[  605.025046][    C1]  ? rcu_is_watching+0x12/0xc0
[  605.029825][    C1]  process_one_work+0x9cf/0x1b70
[  605.034782][    C1]  ? __pfx_vmstat_update+0x10/0x10
[  605.039906][    C1]  ? __pfx_process_one_work+0x10/0x10
[  605.045296][    C1]  ? assign_work+0x1a0/0x250
[  605.049897][    C1]  worker_thread+0x6c8/0xf10
[  605.054506][    C1]  ? __kthread_parkme+0x19e/0x250
[  605.059556][    C1]  ? __pfx_worker_thread+0x10/0x10
[  605.064681][    C1]  kthread+0x3c5/0x780
[  605.068746][    C1]  ? __pfx_kthread+0x10/0x10
[  605.073331][    C1]  ? rcu_is_watching+0x12/0xc0
[  605.078110][    C1]  ? __pfx_kthread+0x10/0x10
[  605.082709][    C1]  ret_from_fork+0x5d4/0x6f0
[  605.087324][    C1]  ? __pfx_kthread+0x10/0x10
[  605.091922][    C1]  ret_from_fork_asm+0x1a/0x30
[  605.096732][    C1]  </TASK>
[  605.099793][    C1] rcu: rcu_preempt kthread starved for 8769 jiffies! g28189 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  605.110909][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  605.120889][    C1] rcu: RCU grace-period kthread stack dump:
[  605.126776][    C1] task:rcu_preempt     state:R  running task     stack:27672 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  605.140302][    C1] Call Trace:
[  605.143591][    C1]  <TASK>
[  605.146530][    C1]  __schedule+0x116a/0x5dd0
[  605.151073][    C1]  ? __lock_acquire+0x622/0x1c90
[  605.156027][    C1]  ? __pfx___schedule+0x10/0x10
[  605.160906][    C1]  ? find_held_lock+0x2b/0x80
[  605.165598][    C1]  ? schedule+0x2d7/0x3a0
[  605.169945][    C1]  schedule+0xe7/0x3a0
[  605.174030][    C1]  schedule_timeout+0x123/0x290
[  605.178893][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  605.184276][    C1]  ? __pfx_process_timeout+0x10/0x10
[  605.189576][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  605.195405][    C1]  ? prepare_to_swait_event+0xf5/0x480
[  605.200888][    C1]  rcu_gp_fqs_loop+0x1ea/0xb00
[  605.205666][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  605.210970][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  605.216184][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  605.221131][    C1]  ? rcu_gp_cleanup+0x7c1/0xd90
[  605.225994][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  605.231819][    C1]  rcu_gp_kthread+0x270/0x380
[  605.236508][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  605.241713][    C1]  ? rcu_is_watching+0x12/0xc0
[  605.246490][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  605.251709][    C1]  ? __kthread_parkme+0x19e/0x250
[  605.256755][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  605.261959][    C1]  kthread+0x3c5/0x780
[  605.266035][    C1]  ? __pfx_kthread+0x10/0x10
[  605.270631][    C1]  ? rcu_is_watching+0x12/0xc0
[  605.275401][    C1]  ? __pfx_kthread+0x10/0x10
[  605.279995][    C1]  ret_from_fork+0x5d4/0x6f0
[  605.284600][    C1]  ? __pfx_kthread+0x10/0x10
[  605.289192][    C1]  ret_from_fork_asm+0x1a/0x30
[  605.293984][    C1]  </TASK>
[  605.296999][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  605.303328][    C1] Sending NMI from CPU 1 to CPUs 0:
[  605.308553][    C0] NMI backtrace for cpu 0
[  605.308568][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  605.308591][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  605.308603][    C0] RIP: 0010:check_preemption_disabled+0x25/0xe0
[  605.308628][    C0] Code: 90 90 90 90 90 41 54 55 53 48 83 ec 08 65 8b 1d 05 6c 49 08 65 8b 05 fa 6b 49 08 a9 ff ff ff 7f 74 0f 48 83 c4 08 89 d8 5b 5d <41> 5c e9 14 df 02 00 9c 58 f6 c4 02 74 ea 48 89 fd 65 48 8b 05 ba
[  605.308645][    C0] RSP: 0018:ffffc90000006e40 EFLAGS: 00000296
[  605.308660][    C0] RAX: 0000000000000000 RBX: ffff888076ace480 RCX: ffffffff8a09ec43
[  605.308672][    C0] RDX: 0000000000000001 RSI: ffffffff8c1573e0 RDI: ffffffff8c157420
[  605.308684][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  605.308695][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffc90000007388
[  605.308707][    C0] R13: ffff888076ace497 R14: 0000000000000001 R15: ffff88807a178400
[  605.308719][    C0] FS:  0000000000000000(0000) GS:ffff888124720000(0000) knlGS:0000000000000000
[  605.308736][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  605.308748][    C0] CR2: 000020000037d030 CR3: 0000000023aa5000 CR4: 00000000003526f0
[  605.308760][    C0] Call Trace:
[  605.308766][    C0]  <IRQ>
[  605.308772][    C0]  rcu_lockdep_current_cpu_online+0x35/0x150
[  605.308799][    C0]  rcu_read_lock_held+0x27/0x50
[  605.308824][    C0]  fib_lookup_good_nhc+0x2f6/0x3f0
[  605.308847][    C0]  fib_table_lookup+0xd03/0x2300
[  605.308874][    C0]  fib4_rule_action+0x1f5/0x3c0
[  605.308900][    C0]  ? __pfx_fib4_rule_action+0x10/0x10
[  605.308926][    C0]  fib_rules_lookup+0xe16/0x1030
[  605.308948][    C0]  ? __pfx_fib_rules_lookup+0x10/0x10
[  605.308974][    C0]  __fib_lookup+0xec/0x1e0
[  605.308999][    C0]  ? __pfx___fib_lookup+0x10/0x10
[  605.309031][    C0]  fib_lookup.constprop.0+0x35c/0x530
[  605.309058][    C0]  ip_route_output_key_hash_rcu+0xde2/0x28f0
[  605.309090][    C0]  ip_route_output_key_hash+0x137/0x2e0
[  605.309116][    C0]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  605.309146][    C0]  ? lock_acquire+0x179/0x350
[  605.309163][    C0]  ? find_held_lock+0x2b/0x80
[  605.309187][    C0]  ip_route_output_flow+0x27/0x150
[  605.309217][    C0]  ip_route_me_harder+0x565/0x12f0
[  605.309240][    C0]  ? __pfx_ip_route_me_harder+0x10/0x10
[  605.309260][    C0]  ? rcu_is_watching+0x12/0xc0
[  605.309285][    C0]  ? trace_kmem_cache_alloc+0x28/0xc0
[  605.309309][    C0]  ? __pfx_cookie_hash+0x10/0x10
[  605.309336][    C0]  synproxy_send_tcp.isra.0+0x2fa/0x630
[  605.309359][    C0]  synproxy_send_client_synack+0x6f6/0x8f0
[  605.309383][    C0]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  605.309404][    C0]  ? nft_fib_store_result+0x108/0x390
[  605.309428][    C0]  nft_synproxy_do_eval+0xa63/0xd80
[  605.309454][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  605.309477][    C0]  ? lock_acquire+0x179/0x350
[  605.309494][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  605.309521][    C0]  ? sched_clock_cpu+0x6c/0x530
[  605.309547][    C0]  ? find_held_lock+0x2b/0x80
[  605.309569][    C0]  ? __pfx_nft_synproxy_eval+0x10/0x10
[  605.309593][    C0]  nft_do_chain+0x2e9/0x1920
[  605.309619][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  605.309639][    C0]  ? ipt_do_table+0xd48/0x1ae0
[  605.309664][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  605.309693][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  605.309719][    C0]  ? ipt_do_table+0xd48/0x1ae0
[  605.309752][    C0]  nft_do_chain_inet+0x18a/0x340
[  605.309773][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  605.309795][    C0]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  605.309815][    C0]  ? __pfx_ipt_do_table+0x10/0x10
[  605.309840][    C0]  ? nf_nat_ipv4_local_in+0x181/0x720
[  605.309868][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  605.309888][    C0]  nf_hook_slow+0xbe/0x200
[  605.309906][    C0]  nf_hook.constprop.0+0x422/0x750
[  605.309922][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  605.309942][    C0]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  605.309958][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  605.309981][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  605.310004][    C0]  ip_local_deliver+0x169/0x1f0
[  605.310020][    C0]  ? __pfx_ip_local_deliver+0x10/0x10
[  605.310039][    C0]  ip_rcv+0x2c3/0x5d0
[  605.310056][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  605.310071][    C0]  __netif_receive_skb_one_core+0x197/0x1e0
[  605.310098][    C0]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  605.310125][    C0]  ? lock_acquire+0x179/0x350
[  605.310144][    C0]  ? process_backlog+0x3f0/0x15e0
[  605.310169][    C0]  __netif_receive_skb+0x1d/0x160
[  605.310194][    C0]  process_backlog+0x442/0x15e0
[  605.310223][    C0]  __napi_poll.constprop.0+0xb7/0x550
[  605.310248][    C0]  ? rcu_is_watching+0x12/0xc0
[  605.310272][    C0]  net_rx_action+0xa9f/0xfe0
[  605.310302][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  605.310331][    C0]  ? tmigr_handle_remote+0x132/0x380
[  605.310358][    C0]  ? run_timer_base+0x121/0x190
[  605.310384][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  605.310412][    C0]  handle_softirqs+0x219/0x8e0
[  605.310436][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  605.310461][    C0]  __irq_exit_rcu+0x109/0x170
[  605.310481][    C0]  irq_exit_rcu+0x9/0x30
[  605.310501][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  605.310527][    C0]  </IRQ>
[  605.310533][    C0]  <TASK>
[  605.310539][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  605.310559][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  605.310587][    C0] Code: 6b 6d 02 e9 83 fb 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 89 23 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  605.310604][    C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c6
[  605.310617][    C0] RAX: 00000000028dceb3 RBX: 0000000000000000 RCX: ffffffff8b868c99
[  605.310628][    C0] RDX: 0000000000000000 RSI: ffffffff8de300f6 RDI: ffffffff8c157460
[  605.310640][    C0] RBP: fffffbfff1c52ef0 R08: 0000000000000001 R09: ffffed1017086645
[  605.310652][    C0] R10: ffff8880b843322b R11: 0000000000000001 R12: 0000000000000000
[  605.310663][    C0] R13: ffffffff8e297780 R14: ffffffff90a94150 R15: 0000000000000000
[  605.310679][    C0]  ? ct_kernel_exit+0x139/0x190
[  605.310698][    C0]  default_idle+0x13/0x20
[  605.310717][    C0]  default_idle_call+0x6d/0xb0
[  605.310736][    C0]  do_idle+0x391/0x510
[  605.310758][    C0]  ? __pfx_do_idle+0x10/0x10
[  605.310781][    C0]  ? trace_sched_exit_tp+0x31/0x130
[  605.310808][    C0]  cpu_startup_entry+0x4f/0x60
[  605.310830][    C0]  rest_init+0x16b/0x2b0
[  605.310850][    C0]  ? acpi_subsystem_init+0x133/0x180
[  605.310876][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  605.310896][    C0]  start_kernel+0x3ee/0x4d0
[  605.310913][    C0]  x86_64_start_reservations+0x18/0x30
[  605.310930][    C0]  x86_64_start_kernel+0x130/0x190
[  605.310947][    C0]  common_startup_64+0x13e/0x148
[  605.310976][    C0]  </TASK>
[  606.456478][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  606.644857][ T1298] ieee802154 phy1 wpan1: encryption failed: -22